Techdirt. Stories about "megaupload"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories about "megaupload"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Fri, 26 Aug 2016 10:49:37 PDTThe FBI's Megaupload Domains Are Now Hosting Porn AdsMike Masnickhttps://www.techdirt.com/articles/20160826/09332335351/fbis-megaupload-domains-are-now-hosting-porn-ads.shtml
https://www.techdirt.com/articles/20160826/09332335351/fbis-megaupload-domains-are-now-hosting-porn-ads.shtmlmade the site run much faster. But now Torrentfreak points us to the news that some other FBI sites are serving up porn as well, though mostly out of FBI incompetence, rather than competence. Apparently the domain the FBI was using for its nameservers for the domains it seized from Megaupload expired, and someone else snapped it up and redirected all the sites using those nameservers to advertisements basically for porn. So, the FBI is now essentially pointing people to porn via Megaupload.

Here's the really amazing thing, though: this is not the first time this has happened. The same exact thing happened last year for Megaupload.com. And after Torrentfreak reported on that, the FBI removed the namerservers completely. But just for the .com. The rest of the Megaupload domains continued pointing to the same nameserver... and the domain for that nameserver expired again and has been snapped up by another company pushing porn sites.

Now, the FBI apologists will argue that this is no big deal. Obviously, the FBI didn't do this on purpose. But it certainly does continue to raise questions about the FBI's competence on tech matters. Why the hell were they using nameservers that they either didn't control in the first place, or that were held by someone so incompetent that they were allowed to expire and be snapped up by someone else? Having nameserver domains expire is not a particularly common occurrence. Maybe it's time for the FBI to admit that seizing websites isn't exactly a core competence. Unless it's operating child porn websites. Then, apparently, it has super skills.

Permalink | Comments | Email This Story
]]>well,-they-have-some-experiencehttps://www.techdirt.com/comment_rss.php?sid=20160826/09332335351Fri, 12 Aug 2016 10:46:23 PDTAppeals Court Says It's Perfectly Fine For The DOJ To Steal Kim Dotcom's Money Before Any TrialMike Masnickhttps://www.techdirt.com/articles/20160812/10212635226/appeals-court-says-perfectly-fine-doj-to-steal-kim-dotcoms-money-before-any-trial.shtml
https://www.techdirt.com/articles/20160812/10212635226/appeals-court-says-perfectly-fine-doj-to-steal-kim-dotcoms-money-before-any-trial.shtmlcivil asset forfeiture for a while, and it's really problematic in general. In Dotcom's case, it's something of a farce. Remember, civil asset forfeiture is the situation where the US government effectively files a civil (not criminal) lawsuit against inanimate objects, rather than people. In this case, it basically filed a lawsuit against all of Kim Dotcom's money, arguing that it was the proceeds of a crime and therefore, the government should just get it all. Again, this is entirely separate from the actual criminal trial of Kim Dotcom, which has been put on hold while the extradition battle plays out in New Zealand (determining if Dotcom can be forcibly sent to the US to stand trial).

Just the whole process of civil asset forfeiture is troublesome enough. As we've detailed over and over again, it's basically a system whereby law enforcement gets to steal money and other stuff (cars are popular) from people, simply by claiming that they were used in a criminal endeavor. Since the lawsuit is against the stuff, if people want it back, they have to go and make a claim on it, and it's a fairly convoluted process. In this case, things were even more ridiculous, because the government argued that because Dotcom was resisting extradition from New Zealand, he could be declared "a fugitive" and the judge overseeing the case (the same one overseeing his criminal case, Judge Liam O'Grady) agreed. That effectively meant that Dotcom had no legal right to protest the government simply taking and keeping all of his assets -- and they moved forward and did exactly that.

It is difficult to see how this can be legitimately described as anything but theft by the US government. It got someone locked up in New Zealand, based on questionable legal theories, and while he was (quite reasonably) fighting extradition to the US (a place he's never visited and where he has no business ties), it initiated a separate legal process to keep all his money, no matter what happens in his extradition fight and criminal trial. On top of that, it effectively barred him from making an official claim on that money by having him declared a fugitive for exercising his legal due process rights to fight extradition. So while he exercises his legal due process rights in New Zealand, he's blocked from doing so in the US. And all of his money goes to the US government.

As we said after O'Grady's ruling came out, even if you think that Dotcom is guilty of a criminal copyright conspiracy, and even if you think he should be extradited, tried and locked up this should concern you. Let him go through the full legal process, with all that due process entails, and then determine what should happen to his assets. To take them before that's happened, through this questionable side process is immensely problematic.

And that's why Dotcom appealed, and many others -- including a bunch of criminal defense lawyers -- stepped in to argue this was crazy. Unfortunately, earlier today, the 4th Circuit Appeals Court upheld O'Grady's ruling and rubber stamped the DOJ's legalized theft of Dotcom's assets. You should read the 61 page opinion (which was a 2 to 1 decision, with an interesting dissent), but we'll hit on some of the low points here.

There were a number of different arguments raised -- with a big one not just being the basic due process question, but a jurisdiction question. Dotcom's assets are not in the US. His work was not in the US. So why does the US get to seize the money. The majority opinion basically says "because that's what Congress wanted -- it created this law to let the US government seize overseas assets." The opinion admits that there's a bit of a circuit split on this, but goes for it anyway.

When the amendments were introduced in the Money Laundering Improvements Act, Senator D’Amato included an explanatory statement indicating that subsection (b) was intended to provide the federal district courts with jurisdiction over foreign property:

Subsection (b)(2) addresses a problem that arises whenever property subject to forfeiture under the laws of the United States is located in a foreign country. As mentioned, under current law, it is probably no longer necessary to base in rem jurisdiction on the location of the property if there have been sufficient contacts with the district in which the suit is filed. See United States v. $10,000 in U.S. Currency[, 860 F.2d 1511 (9th Cir. 1988)]. No statute, however, says this, and the issue has to be repeatedly litigated whenever a foreign government is willing to give effect to a forfeiture order issued by a United States court and turn over seized property to the United States if only the United States is able to obtain such an order.

Subsection (b)(2) resolves this problem by providing for jurisdiction over such property in the United States District Court for the District of Columbia, in the district court for the district in which any of the acts giving rise to the forfeiture occurred, or in any other district where venue would be appropriate under a venue-for-forfeiture statute.

This is the point that the dissent disagrees on, and argues that the forfeiture should be blocked on jurisdictional questions alone. The key, according to Judge Henry Floyd, is that court decisions must be binding on parties, and not advisory. But that doesn't work when you're talking about an opinion concerning assets overseas, which will still then depend on the local government where those assets live to abide by the ruling.

The majority side-steps this concern by cabining it to the separation of powers context. One of the basic tenets of what constitutes a “case or controversy” cannot be elided so. The defendant in this action--the res--is outside of the United States and beyond the control of the district court. Absent control, no order of the district court can be binding on the res because the fate of the res is ultimately not in the hands of the district court. Instead, the res in this case is subject to the control of the courts of New Zealand and Hong Kong. The district court’s forfeiture order therefore merely advises the courts of a foreign sovereign that (in the district court’s view under the laws of the United States) the United States should have title to the res. Those courts, of course, with control of the res and with the authority vested in them by their own sovereigns, remain free to revise, overturn, or refuse recognition to the judgment of the district court.

As Judge Floyd notes, this makes the opinion nothing more than an advisory opinion, which is prohibited by Article III of the Constitution (concerning the powers of the judiciary).

Back to the majority opinion, the court rejects the argument that this process to steal Dotcom's money without letting him defend himself violates the Due Process Clause of the Fifth Amendment. First, the court says that because some of Megaupload's servers were based in Virginia, the jurisdiction is fine. Then, the court accepts the lower court's decision that Dotcom can be called a "fugitive" even as he's both in contact with the court and going through a perfectly legal process around extradition in New Zealand. Somewhat incredibly, the court decides that because he's resisting extradition, that's the same thing as being a fugitive hiding out. That... should be troubling for a whole variety of reasons. Basically, the court says that due process means that Dotcom has the right to be heard protesting the forfeiture, but that the only way to do that is to stop fighting extradition. It gets down in the weeds parsing the law in determining what the right standard is for determining if fighting extradition counts as being a fugitive, and decides that this was Congress' intent with the law -- that so long as the person is avoiding court, even if for reasons relating to the legality of extradition, they can still be declared a fugitive.

The claimants’ argument that they have legitimate reasons to remain where they are, such as jobs, businesses, and families does not disprove that avoiding prosecution is the reason they refuse to come to the United States.

I imagine that Dotcom's lawyers will now try to fight this as well -- seeking either an en banc rehearing or petition the Supreme Court to hear the case. Both are pretty risky, with a fairly high probability of being rejected. And, of course, as the dissent pointed out, there's still one other hurdle for the DOJ: the assets are held in Hong Kong and New Zealand, and they now need to convince authorities in those two places to hand over the money. And, as of right now, it's not clear if they'll actually let it happen.

Again, no matter what you think of Dotcom's actual criminal case, this result should be concerning to you. The use and abuse of civil asset forfeiture is the real issue here -- not the copyright questions. The ability of the US government to simply take millions of dollars based on accusations and without a guilty verdict in a trial should be tremendously worrying. If a full trial happened and he was found guilty, then there's a reasonable argument that, as a result of that, the money can be forfeited. But it's extremely problematic that the money can be forfeited in these circumstances, before the rest of the legal process has occurred. Under this ruling, even if Dotcom came to the US and was found not guilty, the US government would still keep all his stuff. Can anyone explain how that would be a fair and just result?

Permalink | Comments | Email This Story
]]>this-is-pretty-fucked-uphttps://www.techdirt.com/comment_rss.php?sid=20160812/10212635226Wed, 23 Dec 2015 19:39:00 PSTJudge's Opinion On Kim Dotcom Shows An Unfortunate Willingness To Ignore ContextMike Masnickhttps://www.techdirt.com/articles/20151223/17344133165/judges-opinion-kim-dotcom-shows-unfortunate-willingness-to-ignore-context.shtml
https://www.techdirt.com/articles/20151223/17344133165/judges-opinion-kim-dotcom-shows-unfortunate-willingness-to-ignore-context.shtmlruled that Kim Dotcom and his colleagues were extraditable. Dotcom is appealing the decision, so it's not over yet. Soon after the decision was announced, the full ruling by Judge Nevin Dawson was released. It's a staggering 271 pages, and I've spent a good chunk of today reading it over. Some parts of it are more compelling than others, and there may even be enough to support the ruling. However, what troubles me is how frequently Judge Dawson appears to totally, without question, accept the US government's arguments (as relayed by New Zealand prosecutors), despite the fact that many of them are clearly misleading at best, or downright incorrect.

It would take too long to go point by point through the whole thing, but I did want to highlight a few points that I found concerning. The key issue in the extradition fight is whether or not copyright infringement is an extraditable offense. Under the treaty between the US and New Zealand, it is not considered an extraditable offense, which is why a variety of other "conspiracy" charges are piled on in the complaint against Dotcom. Yet, Judge Dawson basically tosses much of that out, arguing that "conspiracy to defraud" is an extraditable offense, and copyright infringement can be a conspiracy to defraud. As Dotcom's lawyers noted yesterday, this would basically write out the fact that copyright is not an extraditable offense.

However, almost all of this "conspiracy to defraud," as well as the other issues that the court finds extraditable (such as "money laundering") are all based on the claims of the DOJ, many of which were presented ridiculously out of context by the DOJ in the original indictment, but which Judge Dawson takes as perfectly accurate, without considering alternative explanations. For example, there's the question of whether or not Megaupload had its own search engine. As we noted in the original indictment, this is particularly ridiculous. A key reason why the original Napster got shut down was because it had a search engine, which the court used to argue that it was more involved in the infringement. Thus, there's a strong argument for why a site should not have a search engine, in order to make it harder to find infringing materials. Yet, the DOJ argued that this was part of the "conspiracy" and that it showed that Megaupload was trying to hide the infringing activities from law enforcement. Damned if you do, damned if you don't. But Judge Dawson flat out accepted the DOJ's argument. Judge Dawson quotes a Skype discussion between two of Dotcom's colleagues, Mathias Ortmann and Bram Van Der Kolk, in which Ortmann notes that "searchability is dangerous and will kill us." And the judge concludes:

There was so much infringing content on the sites that its presence had to be disguised and made non-searchable. Traffic flowed to this content through third party sites.

That's one interpretation. A more plausible explanation could be that these guys didn't want to make their site easy to use for infringement and thus didn't make the material searchable. Instead, that's used against them.

Elsewhere, the judge uses a discussion between Kim Dotcom and Ortmann about how to make sure the service is "invulnerable" to legal challenges as proof that they "appreciated that Mega operated unlawfully and was at risk of being shut down by a court." Of course, a perfectly reasonable alternative explanation is that their discussion was on how to make sure they were not unlawful and not at risk of being shut down by a court. There are plenty of business discussions that tons of businesses could have like this that, devoid of context, could be presented in this misleading way. Any time any two executives from a business were to discuss specifics of making sure their business is legal could then be misrepresented as evidence that they "knew it operated unlawfully and was at risk of being shut down by a court."

There are lots of other examples of this, including conversations between basically all of the defendants discussing (and sometimes joking about) the possibility of lawsuits (most of which they assume would be civil lawsuits). But just because you think you might get sued is hardly evidence of a conspiracy or belief that what you're doing is illegal. I've had many discussions with our lawyers about doing things to protect ourselves from getting sued. That doesn't mean I believe I'm operating illegally. It means I understand the legal environment we operate in, where lawsuits happen frequently, and I'd like to minimize the risk. But in this case, every hint of Megaupload doing the same is treated as an admission of knowingly breaking the law. It's true that there are some conversations that do seem to go beyond this point, such as when Ortmann and Van Der Kolk complain that the business can't be sold because it's not "legit" -- so it's reasonable to argue that those are enough. But, so many of the conversations seem to be spun so far beyond reality that it makes the evidence appear a lot stronger than it really is.

Some of the evidence is just outright ridiculous. At one point, Ortmann sends Dotcom a link to an agenda for an "IP Crime Conference" that was hosted in the same building that was officially Megaupload's headquarters (a Hong Kong hotel) with the tagline "in the lion's den." The judge concludes that from this you can infer "Mega's business was copyright piracy." Huh? How is that a reasonable inference?

Now, I know that some folks are already banging angrily below in the comments about this, pointing out that of course Megaupload was used for infringement, and all of this is just hand-waving to ignore that fact. But that's not what I'm doing here at all. Yes, it's quite clear that Megaupload was widely used for infringement. But that alone is not a criminal offense. When the VCR was first introduced, it was widely used for infringement. When the mp3 player was first introduced, it was widely used for infringement. When the DVR was first introduced. Tape players. Photocopiers. Radio. But that alone does not constitute a criminal offense. Yet, here the judge seems to think that any weak inference that the execs at Megaupload knew that their service was used for infringement implicates them in a criminal conspiracy.

That seems incredibly problematic.

Similarly, as the DOJ did in its indictment, the Judge focuses a lot on the "incentive" program that Megaupload put in place, whereby users who post files that get a lot of downloads could profit from those downloads. The claim by the DOJ, and totally accepted by Judge Dawson, is that this is proof that they were encouraging infringement. But, again, such a program could just as easily be useful for non-infringing purposes as well. If you were a singer and wanted to give away your music for free, but still profit from it, you could see how this could be a compelling business model. In fact, some major recording artists, such as Busta Rhymes, were excited about using Megaupload in just this manner. Yes, obviously some would use this to post infringing files, but again the fact that some users could misuse the service does not mean the company's execs are criminals.

For example, the court uses the fact that Ortmann and Van Der Kolk messaged each other about how uploaded files in the program are "not yet" being "audited for copyright violation" as evidence that the program was designed to drive infringement. But there is no requirement under the law to proactively monitor the content for infringement. Later the judge uses the fact that the incentive program was purposely designed to "attract new users" and to reward "huge uploaders" as evidence that "this was not cyberlocker activity but mass distribution of illicit content." Again, this presumes that the only possible use for a cyberlocker is to store personal data, and not to use it to distribute and share files (many of which may be perfectly legitimate).

Again, some of the other statements may cross the line -- including discussions about specific users where the defendants appear to recognize that certain files are infringing. There are also discussions about whether to cut off incentive payments in cases where they know a user is uploading infringing material (where they don't cut off those payments). Those may be the most damning. But, again, straight up copyright infringement isn't supposed to be an indictable offense. And it's all this other stuff that the judge uses to argue some wider "conspiracy to defraud."

Also, as has been pointed out time and time again, there is no such thing as "secondary" criminal copyright infringement. That is, it's not a criminal offense if your tool is used by someone else to infringe. But all that basically gets ignored.

There's a lot more in there, and it's worth reading through and looking at all of the arguments and evidence. I can see why the judge ruled the way he did. And much of it is similar to the arguments in the original indictment. And, again, there may actually be enough in there for the extradition to go forward, but so much of it seems bound up in taking statements out of context that it seems pretty sketchy. If those kinds of arguments were dropped, and the ruling focused just on the clear evidence of some sort of plan to "defraud" it would seem like a much stronger argument. The fact that piece of evidence after piece of evidence just seems so... weak, raises serious questions about the whole decision.

Permalink | Comments | Email This Story
]]>this is disappointinghttps://www.techdirt.com/comment_rss.php?sid=20151223/17344133165Tue, 22 Dec 2015 18:00:12 PSTNew Zealand Says Kim Dotcom Eligible For Extradition; Dotcom To AppealMike Masnickhttps://www.techdirt.com/articles/20151222/17581433160/new-zealand-says-kim-dotcom-eligible-extradition-dotcom-to-appeal.shtml
https://www.techdirt.com/articles/20151222/17581433160/new-zealand-says-kim-dotcom-eligible-extradition-dotcom-to-appeal.shtmlare eligible for extradition, following the long extradition trial earlier this year. The judge apparently said that the evidence was "overwhelming" against the defendants. This does not mean that Dotcom and crew are boarding a plane across the Pacific just yet. They have 15 days to file an appeal and Dotcom's lawyers have already indicated that such an appeal is on the way (what did you expect?). Dotcom's lawyer Ira Rothken points out that under New Zealand's extradition agreement with the US, there is no extradition over copyright issues -- and argues this ruling renders such a safe harbor "illusory." Of course, even if that fails, there's still a separate process for approving the actual extradition, which would take place with New Zealand's Justice Minister, but that part of the process is more of a formality than anything else. It's not over yet, but at this point things are leaning strongly towards Dotcom and his colleagues being shipped to Virginia to face a US criminal trial.

Permalink | Comments | Email This Story
]]>and on it goeshttps://www.techdirt.com/comment_rss.php?sid=20151222/17581433160Wed, 16 Sep 2015 11:00:00 PDTLarry Lessig Tells New Zealand Court That DOJ's Case Against Kim Dotcom Is A ShamMike Masnickhttps://www.techdirt.com/articles/20150916/09395232272/larry-lessig-tells-new-zealand-court-that-dojs-case-against-kim-dotcom-is-sham.shtml
https://www.techdirt.com/articles/20150916/09395232272/larry-lessig-tells-new-zealand-court-that-dojs-case-against-kim-dotcom-is-sham.shtmlsubmitted an affidavit that completely destroys the DOJ's case. He argues not only that Dotcom's actions do not amount to any sort of extraditable offense, but that they don't even seem to be against US law at all. If you've been following the case at all, you know that under the US/New Zealand extradition treaty, copyright infringement is not an extraditable offense. That's why the US has lumped in a bunch of questionable claims about "conspiracy" and "wire fraud." But most of those are just repeating the infringement claims in different ways. Lessig dismantles all of them and suggests the DOJ case is a lot of smoke and mirrors. His summary brings it all together:

It is my opinion that the Superseding Indictment and Record of the
Case filed by the DOJ do not meet the requirements necessary to
support a prima facie case that would be recognized by United States
federal law and subject to the US-NZ Extradition Treaty. An attempt
has been made to extract facts from multiple sources and over a wide
span of time, to organize a large number of otherwise disconnected
facts by using systematic phraseology and to juxtapose phrases in
order to create an impression of coherence and substance. However,
the attempt fails to reach its goals and any impression of coherence or
substance dissolves under examination. Insofar as they are alleged in
the Superceding Indictment and the ROC, respondents’ actions were
not prohibited by criminal statutes of the United States. Filings of the
DOJ attempt to create a false impression of criminal guilt and are not
reliable.

Lessig's detailed analysis covers many of the same issues I raised just days after the raid on Dotcom's mansion and his arrest. Basically, it appears that the DOJ is trying to make up a form of criminal copyright infringement that is based on "well, Hollywood really dislikes him." A key issue, as we've discussed in the past, is that there is no such thing as secondary criminal copyright infringement. The Supreme Court, in the Grokster case, created a concept known as inducement for civil copyright infringement, but criminal copyright infringement cannot be expanded by the courts -- only by congress. Yet, the DOJ is trying to pretend that there is such a thing as secondary criminal infringement, despite it not being in the law.

... criminal copyright liability cannot be broadened by invoking
civil concepts of secondary copyright infringement directly or under the
guise of the general aiding and abetting statute, 18 U.S.C. § 2. See
Sup. Ind. Counts Four, Five, Six, Seven, and Eight. The United States
legislature previously removed “aiding and abetting” from the copyright
act, evincing an intent to eliminate that form of liability

He further notes that the indictment and DOJ arguments repeatedly refer to the DMCA, but the DMCA is only for civil copyright infringement, not for criminal:

The DMCA is only a defense in the civil context because only civil
indirect or secondary liability is possible under the common law.
Common law liability principles cannot be extended to criminal liability,
which must be specifically proscribed by statute. See Dowling v.
United States, 473 U.S. 207, 213-214 (1985). Because there cannot
be common law crimes under United States law, the DMCA further
emphasizes that criminal indirect liability for copyright infringement
does not exist by statute.

And thus, Megaupload's "failures" to follow the DMCA cannot be the basis of criminal charges:

... allegations of defendant’s failure to maintain a DMCA
policy or defects in a defendant’s DMCA procedures cannot be the
basis of criminal copyright charges....

And, of course, he points out that under the Sony Betamax case that confirmed VCRs were legal in the US, the standard the Supreme Court set up was if a technology had "substantial non-infringing uses," which Megaupload clearly had.

Lessig also points out something that should be pretty obvious, but is often forgotten: the US Copyright Act does not apply outside the US.

An important limitation on enforcement powers of the DOJ is the
principle that the United State Copyright Act has no application outside
of the territorial bounds of the US, and therefore there is neither civil
nor criminal liability under United States law for acts of infringement
taking place outside of US borders.

And, yes, the DOJ points out that Megaupload had servers in the US, but as Lessig points out that's not enough under US law:

The Superseding Indictment does discuss the existence of
Megaupload servers in the United States.... But
the mere presence of data servers in Virginia does not establish that
direct infringement took place there. See, e.g., CoStar Group, Inc. v.
LoopNet, Inc., 373 F.3d 544, 549-50 (4th Cir. 2004) (holding that direct
infringement under the civil standard requires more than “mere
ownership of a machine used by others to make illegal copies” and
that there “must be actual infringing conduct[.]”); Cartoon Network LP,
LLLP v. CSC Holdings, Inc., 536 F.3d 121, 131-32 (2d Cir. 2008)
(direct civil infringement requires “volitional conduct,” not mere
ownership of device used by others to infringe).

The Superseding Indictment never states that any specific user, much
less any of the criminal defendants, chose to upload or download any
specific infringing work from within the United States.

That seems like a pretty big flaw in the DOJ's case.

Perhaps an even bigger flaw? The lack of any showing that any of the defendants engaged in all of the required elements for criminal copyright infringement:

the DOJ fails to show direct criminal
copyright infringement on the part of Megaupload personnel or on the
part of Megaupload cloud storage users. The allegations in the
Superseding Indictment and the Record of the Case do not match up
to all of the elements of offenses. Importantly, there is no showing that
any specific Megaupload representative or third-party user had the
requisite mens rea to willfully violate copyright law. There is an even
more fatal failure to show that Megaupload personnel agreed with a
third party user to commit such violations. An agreement requires
communications between defendants and the user, not just
discussions among Megaupload personnel and a general
“environment of infringement.” Attempts to juxtapose pieces of
allegations do not succeed in making even a single whole, unified
criminal charge.

As Lessig details, criminal copyright infringement requires willful infringement for the purpose of commercial advantage or private financial gain. The complaint does not do a very good job of showing the "willful" part. Just showing that the company was slow to take down content is not enough. In fact, Lessig points out, charges of criminal copyright infringement need to list out the actual works infringed and then show all the other necessary elements:

proof of charges of both Criminal Copyright
Infringement and also Conspiracy to commit such crimes must identify
specific copyrighted works on a work by work, link by link basis, and
describe the who, what, when, where, why, and how to meet all the
elements for each such instance and to examine fair use, amongst
other things. The “willfulness” requirement means that a person must
have had the specific intent to commit copyright infringement as to
each individual work.

And yet, the Dotcom indictment fails to do basically all of that.

As for the attempt to get around the fact that there is no secondary infringement in criminal law by saying, "oh, well, it's just aiding and abetting," that doesn't fly either. Yes, users may have willfully infringed, but the evidence is lacking that the Megaupload team did the same, and just "aiding and abetting" doesn't work:

Aiding and abetting requires a showing of “double wilfulness,” which is
lacking in the Superceding Indictment and ROC. A vague charge of
“making available” a copyrighted work under a theory of “Aiding and
Abetting Criminal Copyright Infringement,” is insufficient. In my opinion
the government has failed to allege sufficient facts that the
Megaupload defendants shared in any alleged infringer’s criminal
willful intent. Gestalt allegations that the Megaupload cloud storage
system brought about the arrangment that made the vague criminal
acts of the alleged infringers possible is insufficient “willfulness” as a
matter of law. As discussed above, Megaupload did not exercise
volitional control over user uploads, link sharing, and downloads.

Basically, he's calling out the fact that the DOJ is picking and choosing different actions by completely different actors and trying to tie them all together to create all the elements for criminal copyright infringement. But you can't do that.

The Supreme Court of the United States has stated that the aiding and
abetting statute converts an accomplice into a principal, but that aiding
and abetting is neither a separate crime nor is it relevant to the distinct
crime of conspiracy. See Pereira v. United States, 347 U.S. 1, 11
(1954) (“Aiding, abetting, and counseling are not terms which
presuppose the existence of an agreement. Those terms . . . mak[e]
the defendant a principal when he consciously shares in a criminal act,
regardless of the existence of a conspiracy.”) (emphasis added).
Therefore, allegations that defendants aided or abetted a crime of
copyright infringement do not amount to an extraditable offense. The
crime, if it exists, must be specifically shown.

A similar argument dooms all the "conspiracy" charges. End users may have willfully infringed, but that doesn't create a "conspiracy" between them and the Megaupload team.

United States v. Hickman, 626 F.3d 756 (4th Cir. 2010), a decision by
the Fourth Circuit Court of Appeals is particularly instructive. In that
case, the court was asked to decide if a store that sold thousands of
glass vials was engaged in a conspiracy to distribute heroin, since it
was well known that such glass vials were used primarily to package
heroin for sale. Id. at 767-73. The Fourth Circuit explained that merely
selling the vials was not sufficient to demonstrate the crime of
conspiracy without something more. Id. The court would have required
that the defendant possess explicit knowledge of specific plans to
distribute heroin in order to be convicted of conspiracy. Id. This is
consistent with other Fourth Circuit decisions which generally require a
"showing that the defendant knew the conspiracy's purpose and took
some action indicating his participation." Chorman, 910 F.2d at 109.

As mentioned above, a member of the conspiracy must undertake
some "overt act" which furthers the underlying offense of the
conspiracy. Chorman, 910 F.2d at 109. Thus, in order to properly state
a claim for conspiracy to commit felony copyright infringement, there
must be an agreement between two individuals to commit that crime,
and then one of the individuals, who is a party to the agreement, must
commit an act in furtherance of that crime.

As discussed above, infringing acts are alleged to have been
committed by unnamed Megaupload users. A crime of conspiracy
requires an agreement with criminal infringers. No such agreement is
shown.

Lessig notes that while the record in the case shows lots of communication between Megaupload staff, it shows none between the staff and the users of the site who are actually doing the infringing. That's a pretty weak conspiracy.

there is no allegation of direct
communication with the user, and no reason to believe that the
Megaupload employees entered into a relationship with the user
beyond a series of retail transactions regarding cloud storage space
on the Megaupload leased servers.

Lessig also rips apart the arguments for wire fraud, noting that they all seem to be based on the idea that Megaupload didn't abide by the DMCA (again a US law).

Alleged frauds revolve around Megaupload’s practices under the
DMCA and around an “Abuse Tool” Megaupload provided to copyright
owners or agents who wanted to deliver to Megaupload DMCA notices
of infringing materials on the Megaupload site and automatically
disable access to such materials. It is alleged that Megaupload made
misrepresentations in connection with the Abuse Tool, promising to
delete access to referenced materials while only deleting the
referenced URLs and without deleting all other URLs in the database
that pointed to such materials. It is further alleged that the Abuse Tool
did not operate as represented, that deletions were delayed and that
the site promised to terminate repeat infringers but failed to do so....

As mentioned above, the DMCA serves to explicitly limit the copyright
liability of Internet service providers and to provide a “safe harbor” from
copyright claims.... If an online service provider like Megaupload is noncompliant
the result is loss of the civil safe harbor defense not a
criminal fraud.

Furthermore, Lessig notes that for there to be wire fraud, US law requires a scheme to defraud users and then the use of mail or wire in furtherance of that scheme. Yet the indictment is lacking in defrauded parties.

It is alleged that Megaupload received “advertising revenue as a result
of the continued availability of files,” while never stating that the
copyright holders themselves made any pay outs....
Thus, there is no allegation that the advertisers were ever lied to,
deceived or misled; in other words, the party deceived and the party
that lost property were two completely different individuals.

It is also alleged that Megaupload received money from users who
purchased premium subscriptions.... However, as
with the advertisers, there is no indication that the users were
deceived or misled in any way.

Moreover, the DOJ must look at the monies actually received when
charging the crime of wire fraud, and cannot look to any “intangible
right” that may belong to the copyright holder. United States courts
have explained that intangible rights cannot form the basis of a wire
fraud charge. See United States v. Hilling, 891 F.2d 205, 208 (9th Cir.
1988) (reversing a mail fraud conviction based on intangible rights).
Nor is a “license” a recognized property right. See United States v.
Schwartz, 924 F.2d 410, 418 (2d Cir. 1991) (overturning wire fraud
conviction because “[t]he [] licenses given appellants were merely the
expression of its regulatory imprimatur, and they had no other effect as
‘property’”).

And all of that dooms the wire fraud claims:

In sum, the DOJ only alleges that one party was deceived: the
copyright holders.... However, that party cannot lay a
claim to a recognized property right that Megaupload is alleged to
have taken; at best the rights claimed would be the right to license
their works, or similar intangible rights which cannot form the basis of a
wire fraud conviction.

Another defect in the DOJ approach is that it is contrary to the DMCA.
The Fourth Circuit has repeatedly upheld the principal of statutory
interpretation which holds that courts “must give effect to every
provision and word in a statute and avoid any interpretation that may
render statutory terms meaningless[.]” Scott v. United States, 328 F.3d
132, 139 (4th Cir. 2003). Here, in order to give proper effect to the
DMCA, the wire fraud statute cannot be interpreted to criminalize
Megaupload’s conduct.

Lessig also attacks the idea that Megaupload even violated the DMCA in the first place. As he notes, the law says a service provider needs to "reasonably implement" a DMCA policy, but leaves the interpretation of "reasonably implements" up to the courts. And the standard interpretation, from the Perfect 10 v. ccBill case is that it's reasonably implemented "if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications." And Megaupload had all of that.

The DOJ, instead, is rather incredibly arguing that because Megaupload did not immediately delete 100% of infringing files, it violated the DMCA and thus is guilty of criminal copyright infringement. That's stretching the laws way past breaking points in multiple directions.

The DOJ does not allege that Megaupload had no policy at all, nor
does the DOJ allege that Megaupload “actively prevent[ed] copyright
owners from collecting information[.]” Instead, the DOJ charges a
much lower standard: that Megaupload failed to terminate 100% of all
repeat infringers, ... and moreover, that this failure, in
the face of Megaupload’s stated policy, was a misrepresentation
sufficient to sustain a charge of wire fraud....

The purpose of the DMCA is to prevent liability where a defendant has
stated a policy and reasonably implemented it—not where a defendant
has failed to terminate each and every repeat infringer. Indeed, the
statute recognizes that service providers are not required to terminate
all repeat infringers in order to comply with the DMCA (17 U.S.C. §
512(I)(1)(A)) or to remove their posted content. See e.g. Perfect 10,
Inc. v. Giganews, Inc., 2014 WL 8628034, at *9 (C.D. Cal. Nov. 14,
2014) (“Giganews had no obligation to indiscriminately remove every
post a repeat infringer ever posted and Perfect 10 may not shift its
burden of policing copyright infringement to Giganews in the guise of a
claim for direct infringement.”).

Were the DOJ able to simply charge defendants with a separate crime
(in this case wire fraud) then the liability safe harbor becomes
meaningless, and Scott v. United States is thus violated. As a result, it
is improper to interpret the wire fraud statute as criminalizing
Megaupload’s actions, and the proper interpretation is to give effect to
the DMCA’s stated safe harbor provisions.

Lessig also points out that the DOJ is just wrong on its argument that after receiving a notice on a file, Megaupload must delete all versions of that file. That's not what the law says at all.

The DOJ appears to be asserting that an online operator who receives
copyright take down notices identifying one URL must search for and
delete all duplicate files in the system or be subject to a copyright or
fraud claim. In my opinion the DOJ’s theory of copyright or fraud
liability is erroneous.

Megaupload reduced operating loads by “deduplication,” namely
maintaining only a single copy of a file in its database and generating
multiple pointers to such file. Each pointer identified an uploader of the
common file. It is possible for one uploader to have a right to fair use
of a copy of a file, e.g., a purchaser uploading a backup or an
educational organization offering critical commentary, while other
uploaders might have no such fair use right. It is contrary to the
purpose of the DMCA that a fair use right would be violated though a
take-down notice directed at another person’s wrongful use. If such a
violation were to occur, the provider of the take-notice would be
subject to liability under the DMCA (17 U.S.C. § 512(f)).

Such an approach can lead to mass DMCA 512(f) misrepresentation
claims against the DMCA noticing parties.

As he notes, the US courts -- particularly in the Lenz case -- have said that takedowns require looking at fair use. And if the DOJ's theory was accurate, that would be wiped out, because notices would be sent for files without any idea if they were fair use or not.

There's a lot more in the document, but it basically picks apart the entire DOJ indictment, and points out that they're making up new criminal theories that they're not allowed to, and misrepresenting other claims at the same time. Thus, not only is it not clear that Dotcom did anything deserving of extradition, it's not even clear that he broke any laws at all.

Of course... whether or not the New Zealand court pays attention to any of this, remains to be seen -- but it is a strong argument from a well respected and knowledgeable source.

Permalink | Comments | Email This Story
]]>taking it up a notchhttps://www.techdirt.com/comment_rss.php?sid=20150916/09395232272Fri, 27 Mar 2015 10:36:27 PDTHow The US Government Legally Stole Millions From Kim DotcomMike Masnickhttps://www.techdirt.com/articles/20150326/18041530458/how-us-government-legally-stole-millions-kim-dotcom.shtml
https://www.techdirt.com/articles/20150326/18041530458/how-us-government-legally-stole-millions-kim-dotcom.shtmlbasics of the lawsuit by which the US government was seeking to keep pretty much all of Kim Dotcom's assets, despite the fact that Dotcom himself hasn't been tried -- and, in fact, it hasn't even been determined if he can be extradited to the United States (a country he's never visited). This week, that case took another step, with the judge, Liam O'Grady, who had already ruled that Kim Dotcom could be considered a "fugitive," more or less finalizing the theft of Dotcom's assets by declaring a default judgment in favor of the US. This isn't the end of the process (not by a longshot), but it highlights just how the US government can use some ridiculous procedures to steal millions in assets from someone who hasn't been shown to be guilty of anything.

As we discussed last time, the story of the raid on Kim Dotcom's rented home in New Zealand, the seizure of all of his cars, money, bank accounts, computers, servers, etc. is well known. That was part of a case for which Kim Dotcom was indicted (under what appears to be questionable legal reasoning -- but that's a separate issue). As has been widely reported, that case is still on hold while Dotcom fights extradition from New Zealand. The extradition fight will finally go to a New Zealand court later this summer. Once that's done, if Dotcom loses, he'll be sent to the US, where he'll face a criminal trial based on the indictment.

But this is actually separate from all of that. You see, when the US government grabbed or froze all of Dotcom's assets, they did so using an asset seizure procedure. Asset seizure is allowed in such cases, but the government then has to give that property back. What the government really wanted to do is keep all of Dotcom's tens of millions of dollars worth of assets -- and in order to do that it has to go through a separate process, known as civil asset forfeiture. It's technically a civil (not criminal) case, but (and here's the part that people find most confusing), it's not actually filed against Kim Dotcom at all, but rather against his stuff that the government already seized. Yes, it's technically an entirely separate lawsuit, that was only filed last summer (two and a half years after the government seized all of his stuff and shut down his company), entitled United States Of America v. All Assets Listed In Attachment A, And All Interest, Benefits, And Assets Traceable Thereto. And, as we noted last time, Attachment A is basically all of Kim Dotcom's stuff.

This whole process is known as an "in rem" proceeding -- meaning a lawsuit "against a thing" rather than against a person. And the "case" basically says all this stuff should be "forfeited" to the US government because it's the proceeds of some criminal activity. You would think that in order for such civil asset forfeiture to go forward, you'd then have to show something like a criminal conviction proving that the assets in question were, in fact, tied to criminal activity. You'd be wrong -- as is clear from what happened in this very case. Once the Justice Department effectively filed a lawsuit against "all of Kim Dotcom's money and stuff," Dotcom did what you're supposed to do in that situation and filed a challenge to such a ridiculous situation. And here the DOJ used the fact that Dotcom was fighting extradition to argue that he was a "fugitive." Judge O'Grady agreed with that last month, and that resulted in the decision earlier this week to then declare a "default judgment" in favor of the DOJ, and giving the US government all of Kim Dotcom's stuff.

A "default judgment?" As you know if you regularly read Techdirt, that's usually what happens when a defendant simply ignores a court case filed against him. As the court notes in this ruling, for that to happen in a civil asset forfeiture case, it means no one tried to block the claim:

Federal Rule of Civil Procedure 55 permits the court to grant a motion for default judgment when the well-pled allegations of the complaint establish plaintiff's entitlement to relief, and where a defendant has failed to plead or defend as provided by the rules.... In the civil forfeiture context, default judgment is permitted where no potential claimant has filed a response to the complaint...

A defendant in default, and a claimant who fails to assert a claim in rem, is deemed to have admitted all of the plaintiff's well-pled allegations of fact, which then form the basis for the judgment in the plaintiff's favor.

But, wait, you say: Kim Dotcom did file a complaint about the asset forfeiture, so how could a default judgment happen here? That's where the whole "fugitive" bit comes in. Because Dotcom won't come to the US, he's been deemed a fugitive, and thus the Judge simply hands over all of his stuff to the US government. And thus, without any sort of criminal conviction at all, the US gets to steal millions of dollars from Dotcom.

If that sounds insane, you're absolutely right. And, again, it is entirely possible that when all of this is over, Kim Dotcom will be found guilty of "criminal conspiracy." If that's the case, then at that point it's reasonable to discuss whether the government should get to keep all of his stuff. But it seems an absolute travesty of concepts like due process for the government to be able to take all of his money and stuff based on purely procedural reasons having to do with a separate criminal case that hasn't even been tried yet.

The process isn't over yet. Dotcom can still appeal this ruling, though the real problem is with the civil asset forfeiture process, rather than how it was applied in this particular case. Dotcom also has other options for the assets that are in New Zealand and Hong Kong, in using the local courts in those places to try to block the transfer of those assets to the US government. Not knowing enough about the law in either place, it's difficult to say what the chances of success of such a strategy would be. Either way, this seems like a classic case demonstrating how the civil asset forfeiture process appears to be little more than legalized theft by the US government.

Permalink | Comments | Email This Story
]]>the-fun-of-asset-forfeiturehttps://www.techdirt.com/comment_rss.php?sid=20150326/18041530458Fri, 27 Feb 2015 19:39:00 PSTUS Court Rules That Kim Dotcom Is A 'Fugitive' And Thus DOJ Can Take His MoneyMike Masnickhttps://www.techdirt.com/articles/20150227/18171630168/us-court-rules-that-kim-dotcom-is-fugitive-thus-doj-can-take-his-money.shtml
https://www.techdirt.com/articles/20150227/18171630168/us-court-rules-that-kim-dotcom-is-fugitive-thus-doj-can-take-his-money.shtmlkeep it, it then needs to go through a separate process known as civil asset forfeiture, which is effectively the government suing the assets. Back in July, the US government moved to forfeit everything it had seized from Dotcom in a new lawsuit with the catchy name USA v. All Assets Listed In Attachment A, And All Interest, Benefits, And Assets Traceable Thereto. As you may have guessed, Attachment A [pdf] is basically all of Kim Dotcom's money and posessions.

Back in November, the DOJ argued that it should get to keep all of Kim Dotcom's money and stuff because he's a "fugitive", which is a bizarre and ridiculous way to portray Kim Dotcom, who has been going through a long and protracted legal process over his potential extradition from New Zealand (though he's offered to come to the US willingly if the government lets him mount a real defense by releasing his money). Dotcom's lawyers told the court that it's ridiculous to call him a fugitive, but it appears that Judge Liam O'Grady didn't buy it.

In a ruling [pdf] that was just posted a little while ago, O'Grady sided with the government, and gave the DOJ all of Dotcom's things. You can read the full reasoning here and it seems to take on some troubling logic. Dotcom's lawyers pointed out, as many of us have, that there is no secondary copyright infringement under criminal law, but the judge insists that there's enough to show "conspiracy to commit copyright infringement." But the reasoning here is bizarre. Part of it is the fact that Megaupload did remove links to infringing content from its top 100 downloads list. To me, that seems like evidence of the company being a good actor in the space, and not trying to serve up more infringing downloads. To Judge O'Grady and the DOJ, it's somehow evidence of a conspiracy. No joke.

The government
has alleged that the conspirators knew that these files were infringing copyrights, as evidenced
by their exclusion of infringing files from the "Top 100" list. The "Top 100" list purported to
list the most frequently downloaded files on Megaupload.... According to the
government, an accurate list would have consisted almost entirely of infringing content, so the
claimants "carefully curated" the list to make the site look more legitimate.... Additionally, the
claimants regularly told copyright holders, including many U.S.-based organizations, that they
would remove infringing content, when in actuality they only removed particular links to the
files.... The actual infringing files remained on the Mega-controlled servers and
could be accessed from other links.

As for that latter part, there are tons of perfectly legitimate reasons to only remove the links and not the underlying files. If Megaupload was doing deduping, then some version of the same file could be perfectly legitimate. Let's take an example: say that you and I have an MP3 of a Katy Perry song. I upload it to Megaupload to keep as a backup. You upload it to distribute to the world. Megaupload dedupes it, and just has the file stored one time. Your link could be potentially infringing if you distribute unauthorized copies, whereas my copy may be a legitimate personal backup. Given that, Megaupload should only delete the links that are called out as infringing, rather than the underlying files, which -- depending on their use -- may or may not be infringing. But the court just takes the DOJ's version and says "good enough for me."

The court also has no problem with the fact that most of the assets aren't in the US, noting that since some of the "conspiracy" took place in the US, that's good enough. It more or less brushes off the concerns raised by Dotcom and the other defendants that this appears to violate existing treaties between New Zealand and the US -- basically saying that because Dotcom refuses to come to the US, it's not "punitive." Huh? On top of that, the judge says that taking all of Dotcom's assets shouldn't interfere with the legal process in New Zealand, because the New Zealand courts could (yeah right) reject the DOJ's request after this ruling to hand over Dotcom's assets.

Then we get to the whole "fugitive" bit. Judge O'Grady notes that the statute does allow him to call anyone who "declines to enter" the United States a fugitive, and argues that Dotcom fits that description. Furthermore, he actually argues that Dotcom's offer to the DOJ to come willingly to the US if the money is freed for his defense actually works against Dotcom, and gives weight to the fugitive claim:

As demonstrated, Dotcom need not have previously visited the United States in order to
meet the prerequisites of § 2466. The statute is satisfied where the government shows that the
claimant is on notice of the criminal charges against him and refuses to "enter or reenter" the
country with the intent to avoid criminal prosecution. Because the court assesses intent under the
totality of the circumstances, it is certainly relevant that Dotcom has never been to the United
States and that he has lived in New Zealand since 2011, where he resides with his family. This
tends to show that he has other reasons for remaining in New Zealand besides avoiding criminal
prosecution. However, the existence of other motivations does not preclude a finding that he
also has a specific intent to avoid criminal prosecution. Dotcom's statements, made publicly and
conveyed by his attorneys to the government, indicate that he is only willing to face prosecution
in this country on his own terms. See Technodyne, 753 F.3d at 386 (2d Cir. 2014) ("The district
court was easily entitled to view those [requests for bail], evincing the [claimants'] desire to face
prosecution only on their own terms, as a hallmark indicator that at least one reason the
[claimants] declined to return in the absence of an opportunity for bail was to avoid
prosecution"). Dotcom has indicated through his statements that he wishes to defend against the
government's criminal charges and litigate his rights in the forfeiture action. If it is truly his
intent to do so, then he may submit to the jurisdiction of the United States.

In short, damned if you do, damned if you don't. This is the justice system, ladies and gentlemen. The DOJ gets to seize and keep all your money, and merely asking for access to it to fight to show your innocence is used as a reason to allow the DOJ to keep it. So he comes to the US and has to fight criminal charges without his own money, or he stays in New Zealand and the government uses it as an excuse to keep all the money. How is any of this even remotely fair? Where is the "due process" in totally handicapping Dotcom from presenting a defense?

Again, it is entirely possible that Dotcom and the others broke the law -- though the case certainly does look pretty weak to me. But what's really astounding is how far the DOJ appears to want to go to make it absolutely impossible for Dotcom to present a full defense of his case.

Permalink | Comments | Email This Story
]]>um.https://www.techdirt.com/comment_rss.php?sid=20150227/18171630168Fri, 27 Feb 2015 13:37:35 PSTPaypal Cuts Off Mega Because It Actually Keeps Your Files SecretMike Masnickhttps://www.techdirt.com/articles/20150227/07165030161/paypal-cuts-off-mega-because-it-actually-keeps-your-files-secret.shtml
https://www.techdirt.com/articles/20150227/07165030161/paypal-cuts-off-mega-because-it-actually-keeps-your-files-secret.shtmlstories of Paypal unfairly and ridiculously cutting off services that rely on it as a payment mechanism, but here's yet another one. Mega, the cloud storage provider that is perhaps well-known for being Kim Dotcom's "comeback" act after the US government shut down Megaupload, has had its Paypal account cut off. The company claims that Paypal was pressured by Visa and Mastercard to cut it off:

Visa and MasterCard then pressured PayPal to cease providing payment services to MEGA.

MEGA provided extensive statistics and other evidence showing that MEGA's business is legitimate and legally compliant. After discussions that appeared to satisfy PayPal’s queries, MEGA authorised PayPal to share that material with Visa and MasterCard. Eventually PayPal made a non-negotiable decision to immediately terminate services to MEGA. PayPal has apologised for this situation and confirmed that MEGA management are upstanding and acting in good faith. PayPal acknowledged that the business is legitimate, but advised that a key concern was that MEGA has a unique model with its end-to-end encryption which leads to “unknowability of what is on the platform”.

MEGA has demonstrated that it is as compliant with its legal obligations as USA cloud storage services operated by Google, Microsoft, Apple, Dropbox, Box, Spideroak etc, but PayPal has advised that MEGA's "unique encryption model" presents an insurmountable difficulty.

That last line is particularly bizarre, given that if anyone recognizes the value of encryption it should be a freaking payments company. And, of course, Paypal can't know what's stored on any of those other platforms, so why is it being pressured to cut off Mega?

Mega's theory -- which is mostly reasonable -- is that because Mega was mistakenly listed in a report released by the "Digital Citizens Alliance" that insisted Mega was a rogue cyberlocker storing infringing content, that payment companies were told to cut it off. If true, this is problematic on multiple levels. The methodology of the report was absolutely ridiculous. Because most Mega files are stored privately (like any Dropbox or Box or Google Drive account), the researchers at NetNames have no idea what's actually being stored there or if it's being done perfectly legitimately. Instead, they found a few links to infringing works, and then extrapolated. That's just bad research practices.

Furthermore, the Digital Citizens Alliance is hardly an unbiased third party. It's an MPAA front group that was the key force in the MPAA's (now revealed) secret plan to have states attorneys general attack Google. Think the MPAA has reasons to try to go after any potential revenue source for Kim Dotcom? Remember, taking down Megaupload and winning in court against Dotcom was a key focus of the company since 2010 or so, and Dotcom recently noted that he's out of money and pleading with the court to release some of the funds seized by the government to continue to fight his case. The lawyers who represented him all along quit late last year when he ran out of money. It seems like the MPAA might have ulterior motives in naming Mega to that list, don't you think?

And, this all goes back to this dangerous effort by the White House a few years ago to set up these "voluntary agreements" in which payment companies would agree to cut off service to sites that the entertainment industry declared "bad." There's no due process. There's no adjudication. There's just one industry getting to declare websites it doesn't like as "bad" and all payment companies refusing to serve it. This seems like a pretty big problem.

Permalink | Comments | Email This Story
]]>doesn't-paypal-like-encryption?https://www.techdirt.com/comment_rss.php?sid=20150227/07165030161Fri, 13 Feb 2015 12:33:00 PSTMegaupload Programmer Takes Plea Deal, Though It's Still Unclear What Criminal Law He ViolatedMike Masnickhttps://www.techdirt.com/articles/20150213/12150230019/megaupload-programmer-takes-plea-deal-though-its-still-unclear-what-criminal-law-he-violated.shtml
https://www.techdirt.com/articles/20150213/12150230019/megaupload-programmer-takes-plea-deal-though-its-still-unclear-what-criminal-law-he-violated.shtmlflown to Virginia to be arrested. Nomm had worked for Megaupload in Europe and had been listed in the criminal case against Megaupload and its various employees. His name had mostly fallen off the radar, since he wasn't down in New Zealand with most of the rest of them. It was obvious in his move to come to the US and be arrested that he must have worked out a plea deal with the feds, and that's confirmed today with him pleading "guilty" to criminal copyright infringement with prosecutors asking for a year and a day in prison, which the court granted. Kim Dotcom noted that he has "nothing but compassion and understanding for Andrus Nomm."

It seems clear that Nomm agreed to some sort of deal to get the overall threat off of his back and to be done with it. It's very, very, very likely that part of the "deal" is to testify against Megaupload and all of his former colleagues. But, reading through the Justice Department's self-congratulatory pat on the back over this plea deal and the indictment against the Megaupload team, I'm still confused as to how this is a criminal charge at all. It seems like he may very well be guilty of civil copyright infringement in personal downloads that he admitted to. But the rest... I don't see how it meets the requirements of criminal copyright infringement. Here's the DOJ statement:

In court papers, Nomm agreed that the harm caused to copyright holders by the Mega Conspiracy’s criminal conduct exceeded $400 million. He further acknowledged that the group obtained at least $175 million in proceeds through their conduct. Megaupload.com had claimed that, at one time, it accounted for four percent of total Internet traffic, having more than one billion total visits, 150 million registered users and 50 million daily visitors.

In a statement of facts filed with his plea agreement, Nomm admitted that he was a computer programmer who worked for the Mega Conspiracy from 2007 until his arrest in January 2012. Nomm further admitted that, through his work as a computer programmer, he was aware that copyright-infringing content was stored on the websites, including copyright protected motion pictures and television programs, some of which contained the “FBI Anti-Piracy” warning. Nomm also admitted that he personally downloaded copyright-infringing files from the Mega websites. Despite his knowledge in this regard, Nomm continued to participate in the Mega Conspiracy.

Of course, the statements about how much "harm" was caused, and even how much money Megaupload made are meaningless. Pretty much everyone knows that anything signed in a plea agreement doesn't mean anything. The more important question is how the rest of it is criminal copyright infringement. For it to be criminal, it has to match certain criteria, and working on a software platform that is used for others to infringe certainly does not reach that level. Nor does knowing that some movies -- uploaded by others -- with the FBI anti-piracy warning message were uploaded (that message, by the way, has basically no legal power). Finally, as for his own personal downloads, those, too, would be civil infringements, not criminal.

And it seems like that may be the only thing he really did wrong from the explanation. He worked for a site that some people used for infringement -- but that's true of lots of internet companies. And he personally downloaded some stuff -- which is also true of a huge number of people. How does he end up in jail for a year other than because the US government came down on him, and he had no other option?

Frankly, this is embarrassing for the DOJ. I wouldn't be putting out a press release for them. Yay, they railroaded a programmer who worked on an internet platform into a "guilty" plea and a year in jail because he helped build a cloud computing system not particularly different than many others out there? What sort of "law enforcement" is this?

Permalink | Comments | Email This Story
]]>out-of-optionshttps://www.techdirt.com/comment_rss.php?sid=20150213/12150230019Wed, 28 Jan 2015 13:36:11 PSTSpying On Sharing: Canada's Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing SitesTim Cushinghttps://www.techdirt.com/articles/20150128/07173529836/spying-sharing-canadas-intelligence-agency-collecting-data-ip-addresses-free-file-sharing-sites.shtml
https://www.techdirt.com/articles/20150128/07173529836/spying-sharing-canadas-intelligence-agency-collecting-data-ip-addresses-free-file-sharing-sites.shtmlphone records, license plate data, cell site location information and any number of communications traveling across international internet backbones are all fair game for the world's law enforcement and intelligence agencies.

The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files…

According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA.

The CSE is keeping tabs on (at least) 102 file-sharing sites (and likely eyeing traffic on BitTorrent networks), but only three are listed in the leaked document: SendSpace, RapidShare and the now-dead MegaUpload. In a statement given to The Intercept, SendSpace said that “no organization has the ability/permission to trawl/search Sendspace for data.” Not that SendSpace's permission (or promises to its users about data security) ultimately matters.

LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites.

The documents (dated 2012) say the agency is only looking for about "2,200 documents" related to terrorists and terrorist activity. From the piles of data amassed, the agency begins its straightforward-as-a-patent-thicket sorting process…

…which at least attempts to sort out the TV episodes from the hostage videos.

The agency then uses the captured IP addresses as selectors to trace activity across the web. The slides show that it has had success linking downloads of targeted files to Facebook accounts and Google profile pages by using two intelligence tools created by outside agencies: MARINA Profile and MUTANT BROTH. NSA-developed MARINA harvests a vast amount of internet activity and GCHQ's MUTANT BROTH intercepts "billions" of ad cookies to help correlate IP addresses.

But, while the agency says it's only tracking ~2,200 files (leading to 350 "interesting" downloads per month), there's nothing in the document (other than the filtering out of unwanted files) that suggests the harvested file-sharing activity isn't stored in bulk. And, like many other spy programs, it bypasses safeguards these sites have implemented and grabs data straight from the backbone.

It's safe to say that no major file-sharing service is able to protect its users' data. Even the promise that this information will only be turned over to law enforcement/intelligence services who present the proper legal paperwork is hollow -- if unintentionally so. The document notes that the agency "sees" about 10-15 million FFUs (Free File Uploads) per day, but fails to provide any clarification as to what that word entails. If "sees" means "collects," then the agency has access to millions of non-relevant IP addresses and uploads. If "sees" means "disregards non-'interesting' uploads/downloads," then the effort is more focused than most of its counterparts' surveillance programs.

On top of that, there's nothing included here that indicates the program has usefulness beyond harvesting data for data-harvesting's sake.

It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.

When defended, the CSE will probably note that this is part of a suite of tools designed to gather as much information as possible on suspected terrorists. But it has been shown that massive amounts of data makes terrorist hunting harder, rather than easier. And while there is at least some form of targeting built into the system, there's always the potential for abuse. CSE says it won't spy on its own citizens but this statement is undercut by its vast collection effort. It can't have it both ways, especially if it's gathering data directly from backbones. It could be anybody's data, but the agency won't know whose it is until it's looked at it.

Permalink | Comments | Email This Story
]]>more-sharing-going-on-than-previously-imaginedhttps://www.techdirt.com/comment_rss.php?sid=20150128/07173529836Tue, 23 Dec 2014 14:48:25 PSTNew Zealand Supreme Court Says Raid On Dotcom's Home Legal Enough To Get A PassMike Masnickhttps://www.techdirt.com/articles/20141223/06262329510/new-zealand-supreme-court-says-raid-dotcoms-home-legal-enough-to-get-pass.shtml
https://www.techdirt.com/articles/20141223/06262329510/new-zealand-supreme-court-says-raid-dotcoms-home-legal-enough-to-get-pass.shtmldecided that it was legal enough. They admit that while the warrant was probably more vague than the law says it should be, that was okay

"While the search warrants did not specify that the offences were against United States law, or that the offences were punishable by two or more years' imprisonment, this did not cause any significant prejudice to the appellants."

Justices John McGrath, William Young, Susan Glazebrook and Terence Arnold agreed that the warrants for the raid were not unreasonably vague and general.

"Undoubtedly they could have been drafted rather more precisely," they said in their written decision.

"We agree with the Court of Appeal that the appellants were reasonably able to understand what the warrants related to and that the police were adequately informed of what they should be looking for.

"Any issues relating to matters such as the way the search of the computers was conducted or the handling of irrelevant material should be addressed through other processes."

Basically, yeah, sure the warrants didn't technically comply, but everyone sorta understood what was going on, so it's okay. That seems like a fairly slippery slope of reasoning for allowing something that was illegal to proceed because people want it to proceed. The Chief Justice, Sian Elias, didn't agree with her colleagues, and was much more clear in the dissent:

"That conclusion is I think based on a mistaken view of what constitutes a miscarriage of justice in this context," she said in her part of the written decision.

"A search warrant properly issued would not have authorised the seizure of irrelevant material, at least not without setting up conditions to ensure secure and expeditious sorting under the supervision of the court.

"Where, as here, a search warrant was overbroad and no protective conditions were imposed, the relevant miscarriage of justice is complete."

Either way, this issue was always a bit of a sideshow. The fight over extradition to the US is the next big issue, followed by the main event (should it get that far) of an actual trial in the US. Of course, at a bigger level, we're now nearly three years since the US government completely shut down this company, and it's still not clear that it had any legal basis to do so.

Permalink | Comments | Email This Story
]]>quasi-legalhttps://www.techdirt.com/comment_rss.php?sid=20141223/06262329510Mon, 13 Oct 2014 08:09:15 PDTMegaupload Say US Gov't Is Trying To Steal Assets Based On Crimes That Are 'Figments Of The Gov't's Boundless Imagination'Mike Masnickhttps://www.techdirt.com/articles/20141011/07242628799/megaupload-say-us-govt-is-trying-to-steal-assets-based-crimes-that-are-figments-govts-boundless-imagination.shtml
https://www.techdirt.com/articles/20141011/07242628799/megaupload-say-us-govt-is-trying-to-steal-assets-based-crimes-that-are-figments-govts-boundless-imagination.shtmlMegaupload case for many years, noting how surprisingly weak the case against Megaupload and its execs was. The case has been based mostly on a non-existent belief in some form of secondary criminal liability for copyright law that doesn't exist (there is secondary liability in civil copyright law, but not in criminal copyright law -- and while there is "aiding and abetting" in criminal law it's very different and almost certainly doesn't apply here). While part of ACTA tried to create a secondary liability for criminal copyright law, ACTA has not gone into force, since most countries rejected it.

Separately, we've also been talking quite a bit about the government's widespread abuse of civil asset forfeiture, which is basically legalized theft by the US government, often done separately from any charges against people or businesses for crimes. These cases end up with funny names -- the US government vs. some sort of "thing" like the infamous United States v. Article Consisting of 50,000 Cardboard Boxes More or Less, Each Containing One Pair of Clacker Balls, which, yes, is real. Without getting too much into the legal weeds, there are really two separate processes: seizure and forfeiture. Seizure is basically when law enforcement grabs the stuff and hangs onto it for a while. Technically, after seizure, the government is supposed to either give the stuff back... or then file for forfeiture, which is when those crazily named lawsuits come into play.

In the Megaupload case, the government seized a bunch of stuff (all of which is still in New Zealand and Hong Kong), but over in the US, the government has made a move for civil asset forfeiture, leading to a separate civil asset forfeiture case named United States of America v. All Assets Listed In Attachment A, And All Interest, Benefits, And Assets Traceable Thereto. Catchy, right? But the reality is that it's the US government trying to claim "hey, we get to keep everything we took from Kim Dotcom and Megaupload, even though we haven't actually gone through and tried him or the company yet and there's no conclusive determination of guilt, we're saying that his property is guilty and we get to keep it and buy some toys with it."

Dotcom and Megaupload are now asking for that civil forfeiture process to be dismissed, or at the very least put on hold until after the criminal cases is resolved, for obvious reasons. The full filing (pdf) is worth reading -- and once you understand what we wrote above, it should mostly make sense. Basically, Dotcom and Megaupload are pointing out that the whole criminal case is based on a very questionable interpretation of the law, and then that the attempt at forfeiture is just an even more questionable attempt to not just pile on, but to get to keep everything the US government took from Dotcom/Megaupload based on those questionable theories.

Nearly three years ago, the United States Government effectively wiped out Megaupload
Limited, a cloud storage provider, along with related businesses, based on novel theories of
criminal copyright infringement that were offered by the Government ex parte and have yet to be
subjected to adversarial testing. Thus, the Government has already seized the criminal
defendants’ websites, destroyed their business, and frozen their assets around the world—all
without benefit of an evidentiary hearing or any semblance of due process. Without even
attempting to serve the corporate defendants per the Federal Rules of Criminal Procedure, the
Government has exercised all its might in a concerted, calculated effort to foreclose any
opportunity for the defendants to challenge the allegations against them and also to deprive them
of the funds and other tools (including exculpatory evidence residing on servers, counsel of
choice, and ability to appear) that would equip a robust defense in the criminal proceedings.

But all that, for the Government, was not enough. Now it seeks to pile on against
ostensibly defenseless targets with a parallel civil action, seeking civil forfeiture, based on the
same alleged copyright crimes that, when scrutinized, turn out to be figments of the
Government’s boundless imagination. In fact, the crimes for which the Government seeks to
punish the Megaupload defendants (now within the civil as well as the criminal realm) do not
exist. Although there is no such crime as secondary criminal copyright infringement, that is the
crime on which the Government’s Superseding Indictment and instant Complaint are predicated.
That is the nonexistent crime for which Megaupload was destroyed and all of its innocent users
were denied their rightful property. And that is the nonexistent crime for which the Government
would now strip the criminal defendants, and their families, of all their assets.

Beyond the issues related to the basic secondary liability for criminal copyright infringement, the filing further points out that the government doesn't even show that any of the "criminal" infringement took place within the US -- and the Copyright Act only applies in the US.

Nearly three years ago, the United States Government effectively wiped out Megaupload
Limited, a cloud storage provider, along with related businesses, based on novel theories of
criminal copyright infringement that were offered by the Government ex parte and have yet to be
subjected to adversarial testing. Thus, the Government has already seized the criminal
defendants’ websites, destroyed their business, and frozen their assets around the world—all
without benefit of an evidentiary hearing or any semblance of due process. Without even
attempting to serve the corporate defendants per the Federal Rules of Criminal Procedure, the
Government has exercised all its might in a concerted, calculated effort to foreclose any
opportunity for the defendants to challenge the allegations against them and also to deprive them
of the funds and other tools (including exculpatory evidence residing on servers, counsel of
choice, and ability to appear) that would equip a robust defense in the criminal proceedings.
But all that, for the Government, was not enough. Now it seeks to pile on against
ostensibly defenseless targets with a parallel civil action, seeking civil forfeiture, based on the
same alleged copyright crimes that, when scrutinized, turn out to be figments of the
Government’s boundless imagination. In fact, the crimes for which the Government seeks to
punish the Megaupload defendants (now within the civil as well as the criminal realm) do not
exist. Although there is no such crime as secondary criminal copyright infringement, that is the
crime on which the Government’s Superseding Indictment and instant Complaint are predicated.
That is the nonexistent crime for which Megaupload was destroyed and all of its innocent users
were denied their rightful property. And that is the nonexistent crime for which the Government
would now strip the criminal defendants, and their families, of all their assets.
Because the Government’s Complaint improperly grasps for assets derived from extraterritorial
conduct, it falls outside the subject-matter jurisdiction of this Court.

“For the Copyright Act to apply, ‘at least one alleged infringement must be completed
entirely within the United States.’” Elmo Shropshire v. Canning, 2011 WL 90136, at *3 (N.D.
Cal. Jan. 11, 2011) (quoting Los Angeles News Serv. v. Reuters Television Int’l, Ltd., 149 F.3d
987, 990-91 (9th Cir. 1998)); see also Columbia Pictures Indus., Inc. v. Fung, 2009 WL 6355911,
at *8 (C.D. Cal. Dec. 21, 2009) aff'd in part as modified, 710 F.3d 1020 (9th Cir. 2013)
(plaintiffs must show “that United States users either uploaded or downloaded copyrighted
works”). Tellingly, the Complaint and the Superseding Indictment together fail to identify a
single instance in which an act of infringement—particularly an unauthorized upload or
download—occurred entirely within the United States.

Instead, the Complaint plainly accuses foreign activities that fall outside the scope of the
Copyright Act. The Government describes Megaupload as “an international criminal
enterprise,”..., and “a worldwide criminal organization,”.... Other allegations
reference foreign citizenships, foreign company registrations, foreign employees, foreign bank
accounts, foreign assets, and computer servers located “around the world.” ....
Indeed, the reality is that Megaupload’s activities—its users, its operations, its uploadings, and
its downloadings—spanned the world at all relevant times. Yet the Complaint is seeking
forfeiture without specifying the location of any infringement or confining itself to U.S. borders.

Then it gets deep into that attempt by the "boundless imagination" of the US government to create secondary criminal liability where it does not exist.

In fact, there is no such crime. Strikingly, the criminal copyright infringement statute, 17
U.S.C. § 506(a), says nothing whatsoever about secondary liability. See, e.g., Sony Corp. v.
Universal City Studios, Inc., 464 U.S. 417, 434 (1984) (“The Copyright Act does not expressly
render anyone liable for infringement committed by another.”). The statute does not state that
criminal liability can be predicated upon theories of secondary liability, nor does it contemplate
that the reach of criminal liability is to be coextensive with civil liability.
Because the Government’s proposed theory of secondary criminal copyright infringement is not codified, it is
unknown to federal law—and it is no basis for this Court to assert jurisdiction.

Indeed, a theory of secondary criminal copyright infringement or any species thereof,
including aiding and abetting through cloud storage case, would be unconstitutional under the
void-for-vagueness doctrine. “A penal statute must define the criminal offense with sufficient
definiteness that ordinary people can understand what conduct is prohibited and in a manner that
does not encourage arbitrary and discriminatory enforcement.” Connally v. General
Construction Co., 269 U.S. 385, 391 (1926). If the Government’s theory takes hold, then
ordinary people and legal scholars alike will be left guessing where civil secondary copyright
infringement ends and criminality begins, particularly in an era when automated file transactions
and “foot faults” faced by high-volume providers of online services are routine.

In a footnote, it also points out that Megaupload likely isn't even subject to civil secondary infringement claims, let alone criminal ones:

The Complaint’s allegations would not even satisfy the civil standards for secondary
infringement, for cloud-storage technology is shielded from civil liability by the Sony doctrine,
which forbids imputing liability in the context of dual-use technologies. See Sony Corp. of
America v. Universal City Studios, Inc., 464 U.S. 417 (1984). Likewise, online service providers
deserve protection against civil liability that is based on theories of constructive notice. See
Religious Technology Center v. Netcom On-Line Communication Services, Inc., 907 F. Supp.
1361 (N.D. Cal. 1995).

Furthermore, the ruling points out that the DMCA did not codify secondary liability, but, rather, did the opposite: it sought to establish standards to protect service providers from secondary liability for copyright infringement.

Thus, Congress not only declined to codify secondary liability, but further
expressed its intention to protect service providers against even “monetary relief” in the civil
context: it follows a fortiori that Congress did not want secondary copyright infringement to
serve as a trigger for criminal punishment. The Government’s secondary criminal theory finds
no traction “without rewriting the statute: an act the Congress, but not this court, can undertake.”

As for the attempt to mix and match to pretend that this is "aiding and abetting" and that aiding and abetting is the equivalent of secondary liability for criminal copyright infringement, no dice:

But that is no conceivable basis for
criminal prosecution, much less resulting forfeiture. Congress specifically removed from the
Copyright Act language about aiding and abetting criminal infringement. See Irina D. Manta,
The Puzzle of Criminal Sanctions for Intellectual Property Infringement, 24 Harv. J.L. & Tech.
469, 481 (2011) (“Several years later, countering what had been a trend of expansion in the area
of criminal sanctions, the Copyright Act of 1976 eliminated the provisions for aiding and
abetting . . .”) Judicial reinsertion of the deleted language, particularly in the criminal context,
would chill innovation, creating the prospect of criminal sanctions despite, for instance,
compliance with express DMCA safe harbors. Even assuming arguendo that such a criminal
prosecution might ever be permitted, neither 18 U.S.C. § 2323 nor 18 U.S.C. § 981 authorizes
civil asset forfeiture for proceeds traceable to aiding and abetting criminal conduct. There is,
accordingly, no jurisdiction for entertaining a request for civil forfeiture as pleaded here.

The filing also points out that since the property is still in Hong Kong and New Zealand, the US can't use civil forfeiture procedures against it anyway as that's outside the jurisdiction for such "in rem" procedures.

The Fourth Circuit holds that a district court does not have in rem jurisdiction unless it
has “exclusive custody or control” over the property at issue. R.M.S. Titanic, Inc. v. Haver, 171
F.3d 943, 964 (4th Cir. 1999) (“Only if the court has exclusive custody and control over the
property does it have jurisdiction over the property”). Exclusive custody and control obviously
do not exist over the foreign assets at issue here. Nor does this Court have constructive
possession over the property. The “fiction” of constructive possession requires that the Court
possess some part of Claimants’ assets. R.M.S. Titanic I, 171 F.3d at 964. Yet no portion of the
assets sought by the Government resides in this district.

On top of everything else, the government doesn't even properly make a single claim of copyright infringement, with all of the necessary attributes of such a claim:

Missing from the Government’s pleadings are specifics about, e.g., (i) what works are at
issue; (ii) whether those works are registered in the United States; (iii) whether those works were
uploaded or downloaded and stored in the United States; (iv) which end users performed the
infringing acts; (v) whether the end users acted with the intent to violate United States copyright
law and (vi) when the alleged acts of infringement occurred (and whether they fell within the
Copyright Act’s five-year statute of limitations). 17 U.S.C. § 507(a). The Complaint does not
contain a single instance of infringement as to which all of the requisite facts have been pleaded.

The closest the Complaint comes to these specifics is mentioning that Dotcom distributed
a link to an unnamed “musical recording” by “50 Cent.” ... The Complaint does not
allege the name of the recording; its copyright registration number; the authorization status of
link; whether Dotcom properly purchased the recording; who uploaded the file to create the link;
who (if anyone) downloaded the file from the link; where any uploads or downloads occurred; or
where Dotcom was geographically when he distributed the link. The Complaint does provide a
date of distribution (December 3, 2006) but that date falls more than five years before the first
Criminal Indictment, well outside the five-year statute of limitations set by 17 U.S.C. § 507(a).

And of course, for it to be criminal, it would have to be willful, and yet (once again) the US government fails to do anything to show how any of the infringement was willful. Specifically, as we've noted in other similar cases, the government would have to show that the users of Megaupload were both infringing willfully and for profit, and that the execs of Megaupload were actively aiding and abetting -- knowing that the end users were doing so willfully. Here the government is doing the same thing that's been done in other cases (without success) arguing that the users are infringing and the site is profiting, and thus it's both willful and for profit, but that's combining different people and different actions in a manner that the law does not accept.

On top of all of that the filing questions why the government is seeking to seize everything. Not only has it not shown a reason to seize any of the assets, it appears to be arguing that all of the proceeds from Megaupload were illegal and thus can be taken by the US government.

While this is a separate action from the other Megaupload situations we've covered -- regarding the criminal case in the US and the extradition attempt in New Zealand -- it certainly does a pretty good job laying out the significant weaknesses in the overall case.

Permalink | Comments | Email This Story
]]>civil-fofeiturehttps://www.techdirt.com/comment_rss.php?sid=20141011/07242628799Fri, 19 Sep 2014 05:51:39 PDTNew Zealand Whistleblower Reveals He Was Told To 'Bury' Unflattering Info About The Gov't Spying On DotcomMike Masnickhttps://www.techdirt.com/articles/20140918/17020328567/new-zealand-whistleblower-reveals-he-was-told-to-bury-unflattering-info-about-govt-spying-dotcom.shtml
https://www.techdirt.com/articles/20140918/17020328567/new-zealand-whistleblower-reveals-he-was-told-to-bury-unflattering-info-about-govt-spying-dotcom.shtmlmonumentally questionable the whole thing was. Frankly, I have no idea if what Dotcom did with Megaupload broke the law, but the indictment against him was filled with really questionable claims, the GCSB (local equivalent of the NSA) illegally spied on Dotcom and then deleted the evidence, the police sought to suppress images of the raid itself, and evidence was mishandled. Oh, and it was eventually revealed that customs officials agreed to share info on Dotcom with the FBI in the US to "buy... brownie points" with the FBI.

And, now a former high-ranking New Zealand Customs lawyer has said that he quit his job after he was ordered to "bury" information that made the New Zealand government look bad. Specifically, this is about that last point above -- the letter concerning the brownie points. Apparently, the New Zealand government didn't want that email to get out, despite it being required to be released under a freedom of information request (in New Zealand it's the Official Information Act). Curtis Gregorash, a lawyer in the Customs department was told directly not to release any such documents:

"Mr Taylor directed me to withhold all information and pass the same direction on to my team."

He said he was subjected to an internal investigation after releasing information about Dotcom sought by the NZ Herald through the Official Information Act. The information released saw Customs staff discuss earning "brownie points" by passing on Dotcom information to the FBI.

"Simpson Grierson [Dotcom's lawyers] had made several Privacy Act requests of the Government, some of which flowed through Customs, and decisions were made from ministerial level with Maurice Williamson directing Customs, 'Don't you dare release anything - nothing at all.'"

Gregorash apparently disobeyed these orders and released the "brownie points" letter -- as required by law -- and then faced an internal investigation, leading to him resigning in protest.

The "brownie points" OIA release to the Herald was the tipping point. "I got dragged over the coals for it. There was an investigation into me. I was cleared. I resigned after that."

He also seems to indicate that other documents that should have been released were withheld as well:

"All sorts of jokes and laughs and cut-downs that were being made by officials to each other were being withheld for [what he considered to be] no reason."

Gregorash had held onto the story for a while, but decided that it needed to be told.

Combined with everything else about this investigation and prosecution, it again makes you wonder what people were thinking. It still really feels like the DOJ and New Zealand officials all simply believed Hollywood's fanciful stories about Dotcom being "Dr. Evil" -- a cartoonish villain so bad that official and legal processes could be thrown out the window just to get him at any cost. Once again, it suggests that Hollywood and the DOJ officials who support it would be much better off actually taking the time to understand the nuances of the copyright debate, rather than their crude "piracy bad" level of understanding that they seem to have of it.

Permalink | Comments | Email This Story
]]>incrediblehttps://www.techdirt.com/comment_rss.php?sid=20140918/17020328567Wed, 23 Apr 2014 19:53:40 PDTMegaupload Asks Hong Kong Court To Drop Restraining Order On Megaupload Assets, Claiming Legal ViolationsMike Masnickhttps://www.techdirt.com/articles/20140423/07304527003/megaupload-asks-hong-kong-court-to-drop-restraining-order-megaupload-assets-claiming-legal-violations.shtml
https://www.techdirt.com/articles/20140423/07304527003/megaupload-asks-hong-kong-court-to-drop-restraining-order-megaupload-assets-claiming-legal-violations.shtmlset aside the restraining order on the company's assets that was put in place over two years ago, following a request from the US Justice Department. Megaupload was always legally based in Hong Kong, even if the company itself was based in New Zealand. Megaupload appears to be claiming that the Hong Kong Justice Department did not properly follow the law in going along with the US DOJ's request. The main issue, which has been debated back in the US, is that, technically, the DOJ cannot serve Megaupload (the company) since it has no US employees or presence. The DOJ can go after foreign individuals, but when it comes to foreign companies, the law is pretty explicit that they can't. While the DOJ is actively seeking to change that law, it doesn't change the basic problem with the original request.

Megaupload is pointing out that the US DOJ's request to the HK DOJ depended on Megaupload being served the criminal summons. But since that hasn't been satisfied, it argues the HK DOJ has no basis for restraining Megaupload's assets:

The order was granted on the basis of an ex parte application by the HK DOJ made at the request of the US DOJ. The grounds for discharge of the order is the failure by the HK DOJ—acting on the basis of information provided by the US DOJ—to fully and frankly disclose in that ex parte application serious legal issues relating to the US DOJ’s inability to serve Megaupload with a criminal summons in accordance with United States federal law. Among other things, the US DOJ failed to explain how it intended to comply with the service of process requirements imposed by the Federal Rules of Criminal Procedure, which, as argued in Megaupload’s application, are an essential prerequisite to initiating any criminal proceedings against Megaupload and cannot be satisfied for a corporation that has no physical presence or subsidiaries in the United States. Megaupload has submitted those filings with its application to the High Court.

Megaupload claims it's seeking to free the assets in order to attempt to regain control over the leased servers from Carpathia, which the DOJ has been hoping would be destroyed (leading to the destruction of evidence in a criminal case, at the DOJ's urging). While the issue of serving Megaupload is something of a technical snafu, it's one in a rather long line of sloppy lawyering by the DOJ throughout this case.

Permalink | Comments | Email This Story
]]>frozenhttps://www.techdirt.com/comment_rss.php?sid=20140423/07304527003Fri, 11 Apr 2014 09:03:12 PDTRIAA Files A Near Word For Word Copy Of MPAA Lawsuit Against MegauploadMike Masnickhttps://www.techdirt.com/articles/20140410/17365826875/riaa-files-hey-us-too-lawsuit-against-megaupload-near-word-word-copy-mpaa-lawsuit.shtml
https://www.techdirt.com/articles/20140410/17365826875/riaa-files-hey-us-too-lawsuit-against-megaupload-near-word-word-copy-mpaa-lawsuit.shtmlvery questionable lawsuit against Megaupload, recognizing that the statute of limitations would run out in a few months. And just days later, the RIAA has followed suit with a nearly identical filing. While they're done by two different law firms, the similarities between the lawsuits are uncanny -- including the numerous defective (to dangerous) attempts to reinterpret copyright way beyond what the law actually says. We already covered why most of these theories are defective, but let's look at some similarities between the filings. I mean, honestly, if the RIAA and MPAA weren't so close, and if it were possible to claim copyright on legal filings (as some do assert), you'd think that the MPAA attorneys might have a claim on the RIAA's attorneys for copying their work. One wonders how much the RIAA's lawyers charged to basically rearranged some words in the MPAA's filing.

Let's start at the beginning. Here's how the MPAA describes what Megaupload does:

Megaupload amassed the millions of popular content files that it hosted on its
servers and offered to the public for download by openly encouraging and paying users to upload
these files. Any Internet user who went to the Megaupload website could upload a computer file,
whether or not the user registered as a member. When the upload was completed, Megaupload
reproduced the file on at least one computer server it controlled and provided the user with a
Uniform Resource Locator ("URL")"link" beginning with "megaupload.com." The uploader
could then propagate the link broadly over the Internet, so that anyone interested in downloading
or otherwise accessing a copy ofthe file could easily find it on Megaupload's servers.

Any user who had the URL link could access and download the associated
content from Megaupload's servers. By "clicking" the URL link (or copying it into any web
browser), the user was taken to a "download page" on the Megaupload website that allowed the
user to download a copy of the file from a computer server controlled by defendants.

And the RIAA's version:

Beginning in late 2005 and continuing at least to January 2012 when Defendants were indicted, Megaupload amassed the millions of popular content files that it hosted on its servers and offered to the public for download by openly encouraging users to upload these files. Until mid-2011, Megaupload went so far as to actually pay its users to do this. Any Internet users who went to the Megaupload website could upload content files, regardless of whether the users registered as members. Upon completion of the uploads, Megaupload reproduced each file on at least one computer server it controlled and provided the users with a Uniform Resource Locator ("URL") "link" beginning with "megaupload.com" for each uploaded file. The uploading users could then propagate the links broadly over the Internet, so that anyone interested in downloading or otherwise accessing copies of the files could easily find them on Megaupload’s servers.

Users in possession of the Megaupload URL links could access and download the associated content from Megaupload's servers. By "clicking" the URL links (or copying them into any web browser), users were taken to a "download page" on the Megaupload website that allowed users to download the content, including Plaintiffs’ recorded music, from computer servers controlled by Defendants.

Yeah. That's pretty damn similar, including numerous identical phrases. Someone's copying something. Okay, how about the lack of a search (which, as we noted previously, is ridiculous, since Napster got in trouble for having a search, and now everyone's saying that not having a search is just as damning). Here's the MPAA:

To conceal the scope of infringennent occurring on the Megaupload website,
defendants did not provide users with a searchable index of files available for download from the
Megaupload website (although defendants themselves had access to such an index). Instead,
defendants relied on numerous third party "linking" sites to host, organize, and promote URL
links to Megaupload-hosted infringing content, including plaintiffs' copyrighted works. Such
linking sites made infringing content broadly and easily accessible to users by maintaining an
index of links to content files organized by category and/or alphabetically by titles of the
copyrighted work; some such linking sites also offered search boxes where users could enter
queries quickly to find the content they wanted. Many of these linking sites were blatant pirate
sites, hosting thousands of links to infringing material. Any visitor could quickly see the
widespread availability on many linking sites of links to infringing content on Megaupload.
Defendants knew of this open infringement on pirate linking sites and closely tracked the traffic
from those sites to Megaupload. Furthermore, defendants provided financial incentives for
premium users to post links to these sites through the Uploader Rewards program.

Okay, and the RIAA version:

To conceal the scope of infringement occurring on the Megaupload website, Defendants did not provide users with a searchable index of files available for download from the site (although Defendants themselves had access to such an index). Instead, Defendants relied on numerous third party "linking" sites to host, organize, and promote URL links to Megaupload-hosted infringing content, including Plaintiffs' copyrighted works. Such linking sites made infringing content broadly and easily accessible to users by maintaining an index of links to content files organized by category and/or alphabetically by titles of the copyrighted work; some such linking sites also offered search boxes where users could enter queries quickly to find the content that they sought. Many of these linking sites were blatant pirate sites, hosting thousands of links to infringing material. Several of these linking sites exclusively offered Megaupload links. Any visitor could quickly see the widespread availability on many linking sites of links to infringing content on Megaupload. Defendants knew of this open infringement on pirate linking sites and closely tracked the traffic from those sites to Megaupload. Defendants also knowingly interacted with users of linking sites and have visited such sites themselves. Defendants also provided financial incentives for premium users to post links to these sites through the Uploader Rewards program.

Right. So those two paragraphs are identical, except the RIAA adds in two extra sentences about the linking sites. It goes on and on like this, with both filings clearly working off of either each other or the DOJ indictment, which they're copy/pasting into their own filing and fussing with a word or two here or there. Here's just one more example. Both filings claim that Megaupload can't be considered a "cloud storage" site because it would delete unpopular files. Here's the MPAA's version of this:

Contrary to some of defendants' public assertions, Megaupload was not designed
to be a private data storage provider. Users without premium subscriptions were restricted not
only in their downloading capabilities, but also in their ability to store files on the site. Any
content they uploaded would be deleted if it was not also downloaded within a certain period of
time -- after 21 days in the case of unregistered, anonymous users and after 90 days in the case of
registered users who were not premium subscribers. Only premium subscribers (estimated to be
1% of users) could use Megaupload for long-term file storage.

And the RIAA's nearly identical text:

Megaupload was in no respect designed to be a private data storage provider. Users without premium subscriptions were restricted not only in their downloading capabilities, but also in their ability to store files on the site. Any content that users uploaded would be deleted if it was not also downloaded within a certain period of time--after 21 days in the case of unregistered, anonymous users, and after 90 days in the case of registered users who were not premium subscribers. Only premium subscribers (estimated to be one percent of users) could use Megaupload for long-term file storage.

Of course, Kim Dotcom has now refuted this claim, saying that content that was unpopular was not deleted from Megaupload.

However, even beyond that, I fail to see how having a service like this that deletes unpopular content suddenly disqualifies it from being a legitimate service. Lots of other legitimate services have similar terms. While it appears to have recently changed this, the popular image sharing site Imgur (which we use at Techdirt) used to have a very similar clause, saying that "images that are not viewed for 6 months may be removed. However, images with pro accounts can only be removed by you." That doesn't mean they were not a legitimate service.

Nor does it mean it's not a "cloud" service. Different cloud services serve different markets, and services like Megaupload (and Imgur) tend to be more focused on the immediate sharing of content (not necessarily infringing content). In fact, if you look back at the origins of Megaupload, it initially resembled services like the old "YouSendIt," which were focused on making it easier for people to move any file from one person to another. That's not encouraging infringement, it's encouraging being able to transport a digital file it's completely neutral to whether or not the content is or is not infringing.

Either way, the RIAA's lawsuit is a near carbon copy of the MPAA's, and is just as faulty in its reasoning. It's nothing more than a blatant pile on in the attempt to twist copyright laws to their liking.

Permalink | Comments | Email This Story
]]>because that's not infringementhttps://www.techdirt.com/comment_rss.php?sid=20140410/17365826875Wed, 9 Apr 2014 09:01:54 PDTMPAA's Lawsuit Against Megaupload Is Yet Another Broadside Attack On The InternetMike Masnickhttps://www.techdirt.com/articles/20140408/18095926848/mpaas-lawsuit-against-megaupload-is-yet-another-broadside-attack-internet.shtml
https://www.techdirt.com/articles/20140408/18095926848/mpaas-lawsuit-against-megaupload-is-yet-another-broadside-attack-internet.shtmlsue Megaupload in a civil lawsuit to pile on to the criminal charges the company is already facing. As we noted, there's no legitimate reason for such a lawsuit, given the criminal lawsuit already underway, other than as a way to try to get a favorable court ruling it can use against others. Having now read the full complaint against Megaupload, it's quite clear that this is exactly what the MPAA is doing. The lawsuit is incredibly dangerous for the internet, even if you think that Megaupload itself was a bad actor. Even the LA Times -- Hollywood's hometown paper -- has called out the lawsuit for how it may have negative consequences felt broadly across the internet.

That's because the lawsuit makes a whole bunch of claims about Megaupload that are perfectly reasonable activities for tons of user-generated content and/or cloud computing companies. But, because Hollywood has spent years demonizing Kim Dotcom as a movie-style villain a la "Dr. Evil", it seems to be hoping that the courts won't notice that it's basically making up what they want copyright law to be, rather than what it is.

First, it describes the fact that when you upload a file to Megaupload, the service would then give you a link that you could share. The MPAA paints this as if it's some nefarious scheme to encourage infringement. But it's actually how pretty much any cloud or user-generated content site works.

When the upload was completed, Megaupload
reproduced the file on at least one computer server it controlled and provided the user with a
Uniform Resource Locator ("URL") "link" beginning with "megaupload.com." The uploader
could then propagate the link broadly over the Internet, so that anyone interested in downloading
or otherwise accessing a copy of the file could easily find it on Megaupload's servers.

But, of course, Dropbox or YouTube do the same exact thing. Then, they call out the fact that Megaupload did not provide its own search engine, as if that's something nefarious:

To conceal the scope of infringennent occurring on the Megaupload website,
defendants did not provide users with a searchable index of files available for download from the
Megaupload website (although defendants themselves had access to such an index). Instead,
defendants relied on numerous third party "linking" sites to host, organize, and promote URL
links to Megaupload-hosted infringing content, including plaintiffs' copyrighted works.

Except, cloud storage companies from Dropbox to Box to Google Drive don't supply a searchable index of files available on their services either. And that's for a very good reason. Because they're not promoting their services as a place to go to search for infringing works. In fact, you just have to go back to the RIAA's lawsuit against Napster, to see where the exact opposite claim was made. In that case, the court found that Napster was, in part, liable because it had a search feature:

Napster is not an Internet service provider that acts as a mere conduit for the transfer of files.... Rather, it offers search and directory functions specifically designed to allow users to locate music, the majority of which is copyrighted.

Yet, now, the MPAA seems to be arguing that not having a search engine means you're trying to hide copyright infringement. Damned if you do, damned if you don't -- just how the RIAA and MPAA like it. If you have a search engine, you're enabling infringement, if you don't have a search engine, you're "concealing" infringement.

The MPAA also tries to paint other perfectly reasonable business model choices as nefarious. Offering premium paid-for services for faster downloads, or access to larger files, is painted as some evil plan to profit off of infringement. But it also makes perfect business sense for a company like Megaupload seeking to cover its bandwidth bills. Similarly, the famed "financial incentives for premium users" is treated as if this is actually paying people to post infringing works. But that makes little sense. It's actually an incentive to get people to post good content. It's the same reason that YouTube today pays top YouTubers who bring in lots of visitors. Is the MPAA really arguing that such an incentive program is illegal?

To ensure a vast and ever-growing supply of popular copyrighted content to
which they could sell premium access, defendants paid users to upload popular content to
Megaupload's servers. Defendants' Uploader Rewards program promised premium subscribers
cash and other financial incentives if they uploaded popular works, primarily copyrighted works,
to Megaupload's servers. The rewards program also encouraged users to publicly promote links
to that content, so that the content would be widely downloaded.

Except, nothing in this program appeared to be about encouraging people to post infringing works. In fact, it would seem like a pretty stupid program for encouraging infringement, as Megaupload would likely be able to bring in a lot more attention and revenue for authorized legitimate content. Such a program, in actuality, appears to be the perfect way for artists to go direct to their fans, offering them ways to get the content for free, while still earning money. In fact, that's why artists like Busta Rhymes spoke out in favor of Megaupload after it was shut down. He pointed out that he could make a lot more money releasing his own music directly via Megaupload, than in going the old record label system.

Furthermore, since this lawsuit is from the movie studios, they list out a number of specific movies that they claim were on the site. However, Megaupload says that the uploader rewards program only applied to files smaller than 100MB, meaning it likely didn't apply to any films that were uploaded. Assuming that's accurate, the studios are going to have quite a difficult time proving that the rewards program induced infringement of movies.

On top of that, even if the program was used by some to make money from sharing infringing works, the program itself is clearly content neutral, and not about encouraging sharing of infringing works. For the MPAA to allege otherwise threatens all kinds of incentive programs on pretty much any user-generated content site.

Next, the MPAA complains that when they sent takedowns to Megaupload, it only removed the specific URL they sent, and not all copies of the content. But, uh, that's all that the law requires. As the court in the YouTube/Viacom case ruled, under the DMCA, the service provider needs to be made aware of specific locations where infringing content is. They can't just be given a single URL and told to "block all copies of that." Nor would such a request be reasonable either, as infringement depends on context, not content. In the YouTube/Viacom case, Viacom initially sued over files that its own employees had uploaded, meaning they were licensed -- yet it argued those were infringing. You run into the same problem here in that the MPAA is arguing that if you know that a particular file is infringing, all similar content must be removed. But the law does not say that. Though, clearly, the MPAA is seeking to change the interpretation of the law.

Next, the MPAA argues that because Megaupload could have used filtering tools to prevent new uploads of works previously claimed as infringing, and did not do so, that proves it's liable. However, that's completely bogus. Many, many, many copyright cases have all said over and over again that nothing in the DMCA creates a duty for service to proactively filter new uploads. In fact, the industry itself admits that this is true, because they're currently asking Congress to change the law to make this a new legal requirement. Yet, in the Megaupload complaint, they pretend it is already the law:

Megaupload could also have implemented various readily available and effective
technological solutions (including, without limitation, automated filtering using digital
fingerprinting-based content-identification technology) to identify and prevent infringement of
copyrighted content.
Megaupload chose not to do so.

But there is no legal reason why it had to do so. In fact, considering that others have spent tens to hundreds of millions of dollars on such systems, there are perfectly good business reasons not to have spent such money. Here, the MPAA is using this lawsuit to try to get a court to suggest there's a legal duty to filter. This would have a huge negative impact on startups who couldn't afford the tens of millions of dollars entry fee.

You can argue that Megaupload was widely used for infringement. You can even argue that Megaupload management were awful people who didn't care that much about copyright. But if you read this lawsuit objectively, you have to admit that it is a straight up attack on the basic principles of cloud computing and user-generated content, while seeking to change settled law and reinterpret the DMCA in a way the MPAA fantasizes it should be, rather than the way the law is today. That's incredible dangerous.

It's no surprise that they're doing this against Megaupload, a company based halfway around the globe, with all its assets seized, and which is fighting a massive criminal complaint at the same time. That will, obviously, lead to limited resources to fight this civil suit, making it easier for the MPAA to sneak through dangerous changes to the law, via potential court rulings. These are changes that it's been unable to get written into the law for the past few years, so now it's using the courts to try to do its dirty work.

No matter what you think of Megaupload, this is a very dangerous lawsuit.

Permalink | Comments | Email This Story
]]>collateral-damagehttps://www.techdirt.com/comment_rss.php?sid=20140408/18095926848Mon, 7 Apr 2014 13:29:53 PDTHollywood Piles On: MPAA Sues Megupload, Even Though They Already Got The Feds To Kill ItMike Masnickhttps://www.techdirt.com/articles/20140407/13155226829/hollywood-piles-mpaa-sues-megupload-even-though-they-already-got-feds-to-kill-it.shtml
https://www.techdirt.com/articles/20140407/13155226829/hollywood-piles-mpaa-sues-megupload-even-though-they-already-got-feds-to-kill-it.shtmlsuing Megaupload and Kim Dotcom for copyright infringement, in an action separate from the criminal charges he currently faces. Two years ago, the MPAA had indicated it was likely to do this when it asked for some data to be retained for such a purpose. Also, a few months ago, the DOJ (secretly) got an order from the court (without letting Megaupload know) that allowed it to share information with the MPAA so that the MPAA could file its own civil suit against Megaupload.

So you had to know that a lawsuit was coming -- and it had to come soonish, given the three year statute of limitations on infringement claims. The MPAA's press statement simply parrots the DOJ's highly questionable assertions:

“When Megaupload.com was shut down in 2012 by U.S. law enforcement, it was by all estimates the largest and most active infringing website targeting creative content in the world,” said MPAA global general counsel Steven Fabrizio. “Infringing content on Megaupload.com and its affiliates was available in at least 20 languages, targeting a broad global audience. According to the government’s indictment, the site reported more than $175 million in criminal proceeds and cost U.S. copyright owners more than half a billion dollars.”

The MPAA is using its favorite law firm for these kinds of cases, Jenner & Block. Of course, there's a (pretty strong) argument that if the MPAA was so upset by Megaupload, it should have filed this lawsuit years ago, rather than convincing the DOJ to twist and turn things to pretend that it was a criminal issue. Megaupload has a pretty strong defense to a civil suit in pointing out how the DMCA works and the fact that the company complied with DMCA takedowns. But, now, with Megauploads' assets frozen, Kim Dotcom separately having to fight extradition charges and the criminal charges, it just makes it that much more difficult to also fight the civil case -- which is exactly how the MPAA likes it.

Really, this is perfect for the MPAA. There's no reason at all for this lawsuit. Megaupload is about as dead as can be -- and, in fact, much of the data has been deleted already thanks to the DOJ's actions. But at this late stage of the game, the MPAA can pile on, likely get some sort of court victory and will then crow about how it fights copyright infringement hard. And those lawyers at Jenner & Block will certainly be paid nicely.

Of course, what none of this will do is help the MPAA or the studios actually deliver more good content in a format people want. That's too much work.

Permalink | Comments | Email This Story
]]>because-moneyhttps://www.techdirt.com/comment_rss.php?sid=20140407/13155226829Fri, 4 Apr 2014 15:48:16 PDTDOJ Continues To Obstruct Efforts For Megaupload Users To Get Their Files BackMike Masnickhttps://www.techdirt.com/articles/20140404/06325226794/doj-continues-to-obstruct-efforts-megaupload-users-to-get-their-files-back.shtml
https://www.techdirt.com/articles/20140404/06325226794/doj-continues-to-obstruct-efforts-megaupload-users-to-get-their-files-back.shtmlcould be destroyed. We pointed out that this seemed like a clear case of destruction of evidence by the DOJ. First, it seized pretty much all of the assets of a company, prior to any conviction, and then before any actual judicial proceedings, asked for most of those assets -- many of which could include exculpatory evidence -- to be destroyed. It seemed... quite questionable. That resulted in a bit of a legal battle, as the hosting company storing them, Carpathia, asked what it should be doing (since it's suffering from the cost of keeping the servers). Megaupload sought to buy the servers, but the DOJ has blocked that effort. Last we'd heard, the judge had told everyone to work it all out by themselves.

This effort was stopped because the U.S. didn’t want Kim Dotcom to have access to the files. Hoping to get out of this stalemate the Court then suggested that all affected parties should get together and come up with a solution, thus far without success.

“In separate written requests in the past year both Carpathia and Megaupload have asked Magistrate Judge Anderson – who was appointed by Judge O’Grady to mediate the cloud storage server data issue – to preside over follow-up negotiations on data preservation and consumer access,” Rothken tells TF.

“The US DOJ has shown little interest in such negotiations and the Judge has not been inclined to set any additional meetings,” he adds.

The whole situation is bizarre. Individuals who had legitimate content stored on Megaupload are still asking for access to get back their content, but the DOJ doesn't seem to care at all. In fact, it's coming up with increasingly bizarre excuses to justify shutting down an entire business based on the entertainment industry's say so, and seems to have no qualms about how many people this has created massive problems for.

As the Aereo case is about to be heard, and various concerns about its impact on cloud computing are being raised, people should look over at what's happening with Megaupload's servers and be even more concerned. If the broadcasters succeed in redefining what is a "public performance," it's entirely conceivable that the DOJ could choose to do the same to other cloud services you rely on -- and there seems to be no recourse whatsoever.

Permalink | Comments | Email This Story
]]>because-hollywood-once-told-us-someone-was-dr.-evilhttps://www.techdirt.com/comment_rss.php?sid=20140404/06325226794Thu, 20 Mar 2014 15:59:00 PDTNew Zealand Supreme Court Says DOJ Doesn't Have To Provide Its Evidence In Megaupload Extradition CaseMike Masnickhttps://www.techdirt.com/articles/20140320/15301426641/new-zealand-supreme-court-says-doj-doesnt-have-to-provide-its-evidence-megaupload-extradition-case.shtml
https://www.techdirt.com/articles/20140320/15301426641/new-zealand-supreme-court-says-doj-doesnt-have-to-provide-its-evidence-megaupload-extradition-case.shtmlprovide Kim Dotcom and others involved in Megaupload with the actual evidence being used against them for the extradition trial, an appeals court overturned those rulings and now the New Zealand Supreme Court has agreed in rejecting the request. While the chief judge dissented, the majority found that the extradition treaty does not require the country that has filed the charges against the individuals to provide the information and that the New Zealand courts have no real authority to order the US DOJ to provide the evidence. It does seem rather ridiculous that someone can be sent halfway around the world to face criminal charges without first being able to see the evidence against them, but that's apparently the law in New Zealand. They might want to fix that.

Either way, the actual extradition trial was recently pushed back until July (it had been scheduled to start in a few weeks). Seems quite bizarre that they're only just getting to the trial over extradition nearly two and a half years after Megaupload was seized and shut down. The judicial process isn't exactly known for its speed, which is kind of crazy when you realize how quickly (and with such flimsy evidence) DOJ and New Zealand officials acted to arrest Kim Dotcom and his colleagues.

Permalink | Comments | Email This Story
]]>blind-justicehttps://www.techdirt.com/comment_rss.php?sid=20140320/15301426641Wed, 19 Feb 2014 07:23:00 PSTPerfect 10 At It Again: Sues Web Host Of Megaupload In The Wrong Country With The Wrong ProcessTimothy Geignerhttps://www.techdirt.com/articles/20140218/02345426259/perfect-10-it-again-sues-web-host-megaupload-wrong-country-with-wrong-process.shtml
https://www.techdirt.com/articles/20140218/02345426259/perfect-10-it-again-sues-web-host-megaupload-wrong-country-with-wrong-process.shtml
Ladies and gentlemen, we have a friend in the copyright discussion in Perfect 10. In case you're not familiar with it, Perfect 10 is a company that at one time produced wanking material before turning to the far more noble endeavor of entertaining the hell out of us by suing everyone on the planet for copyright infringement. I say they're a friend, because they appear to be going to some length to establish good caselaw by losing suit after suit after suit. Their work is exemplary, really, in terms of their inability to win anything at all.

In their complaint, Perfect 10 accuses LeaseWeb of providing hosting services to several websites that host pirated copies of their images.

“Defendants host and provide Internet connectivity and other essential services to websites, including infringing websites operated in California that have infringed tens of thousands of Perfect 10 Copyrighted Works,” the complaint states.

According to Perfect 10, LeaseWeb currently hosts at least eight websites in the U.S. which store their work without permission; Imgchili.net, imgchili.com, imgtiger.com, imgserve.net, Poringa.net, ultraforos.com, ultraforos.net and Galleryworld.info.

Well, hey, Perfect 10, thanks for letting all of us know exactly where we can find your smut for free, I guess. We have a couple of problems, of course. First, they're suing the hosting provider, indicating that LeaseWeb is "directly responsible" for the infringement done on the aforementioned sites. Then, probably because they realize what a problematic argument that is to make, they mention that LeaseWeb hosted for Megaupload, as though just mentioning the infamous website was some kind of legal trump card. It isn't.

But the problems don't end there. To start, Megaupload is arguing that they regularly comply with DMCA notices sent its way.

“All infringing files Perfect 10 has ever reported to Mega have been removed within hours. We keep track of all DMCA notices and could identify all notifications from Perfect 10 and we have verified that all reported links were disabled within hours."

Some may find that claim dubious, but it doesn't even matter. The point is that hosts typically forward DMCA notices sent their way to the sites in question, who are responsible for taking the content down. LeaseWeb is a hosting service provider. One, by the way, that is hosting sites that aren't even located in the United States.

Leaseweb told Tf that the company hasn’t been served yet, and points out that most of the sites mentioned are hosted by the Dutch LeaseWeb Netherlands BV.

“We use the Dutch Notice and Takedown procedure for LeaseWeb Netherlands BV customers which gives an equivalent protection as the DMCA, we therefor do not see why the US would be the correct forum,” the company states.

So, while Perfect 10 is humbly asking for a mere $188 million in damages, they're likely doing so in the wrong country, against the wrong party, and throwing around an infamous website name like some kind of bower card. That isn't how the law works, but I encourage them to keep at it, since their track record suggests every lawsuit they file results in a winning token for our side.

Permalink | Comments | Email This Story
]]>10-is-the-loneliest-numberhttps://www.techdirt.com/comment_rss.php?sid=20140218/02345426259Tue, 4 Feb 2014 12:18:55 PSTNew Zealand Spy Agency Deleted Evidence About Its Illegal Spying On Kim DotcomMike Masnickhttps://www.techdirt.com/articles/20140204/07522126085/new-zealand-spy-agency-deleted-evidence-about-its-illegal-spying-kim-dotcom.shtml
https://www.techdirt.com/articles/20140204/07522126085/new-zealand-spy-agency-deleted-evidence-about-its-illegal-spying-kim-dotcom.shtmlillegally spied on Kim Dotcom and other New Zealand residents and citizens -- and the New Zealand government then decided to try to hide that. While the police agreed that the spying was illegal, they declined to do anything about it, so Dotcom sued the government himself.

The latest news in this: GCSB appears to have deleted key evidence in the case in a hamfisted attempt to cover up its illegal activities. Even more ridiculous, GCSB is trying to cover this up by claiming that the material had "aged off" -- implying that it was deleted automatically. New Zealand Prime Minister John Key claims that they had to delete the information under the law.

Of course, there are a few problems with that. The first is that under New Zealand law, like most countries these days, parties have an obligation to preserve documents likely to be necessary in a legal case. But, even more damning is that there's video of John Key in the New Zealand Parliament trying to defend against an earlier claim that GCSB had deleted some evidence by insisting that GCSB does not delete anything ever:

In the video, he notes: "This is a spy agency. We don't delete things. We archive them. And they went right back to the ultimate source document, and asked themselves the question: Has there ever been a deletion? And the answer was NO!!" And yet now he's claiming that it's normal everyday policy to delete key evidence?

Permalink | Comments | Email This Story
]]>oopshttps://www.techdirt.com/comment_rss.php?sid=20140204/07522126085Tue, 7 Jan 2014 16:02:51 PST60 Minutes vs. Vice On Kim Dotcom -- Neither One Goes Deep Into The IssuesMike Masnickhttps://www.techdirt.com/articles/20140106/16440725779/60-minutes-vs-vice-kim-dotcom-neither-one-goes-deep-into-issues.shtml
https://www.techdirt.com/articles/20140106/16440725779/60-minutes-vs-vice-kim-dotcom-neither-one-goes-deep-into-issues.shtml60 Minutes concerning a story they were planning on Kim Dotcom. They insisted that it was going to be a more nuanced piece than the usual media coverage portraying Dotcom as the "Dr. Evil" of the copyright industry. The episode finally aired this past weekend, and to the show's credit, it definitely does take a somewhat more nuanced look at Dotcom. An interview with Dotcom is the centerpiece of the story, which certainly allows him to express some of his position. However, it also allows a number of highly questionable statements from the FBI and others, including saying that the $500 million that Megaupload made is "lost revenue" from Hollywood. However, when Dotcom himself makes a claim about being a businessman, the reporter openly laughs at him and points out the fact that decades ago, Dotcom claimed to have hacked into government computers. Much of the piece (and the extra material on the web) focuses almost exclusively on the fact that he lives in a mansion (they conveniently leave out that it's rented). It's not a completely one-sided portrait, but it hardly gets at any of the underlying legal issues that are at the core of the case. Basically, every time they suggest any of the legal issues, it's almost immediately followed up by "But look at this amazing house!"

Meanwhile, a day or two before the 60 Minutes episode aired, Vice released its own interview with Kim Dotcom which is worth watching as well. It covers some of the same stuff from a very different perspective, of course. A lot more of a focus on video gaming, music and such. Unfortunately, it too, is a bit weak on the legal issues. In the second half of that video (the first half is basically just wandering around the house), Dotcom finally is given some chance to weigh in on legal and policy issues -- things that never come up at all in the 60 Minutes interview. Dotcom focuses much more on the NSA revelations, discussing how it's had such a negative impact on the tech industry. Of course, right after Dotcom goes into discussing all these points, the reporter immediately jumps to asking him about the photos of Dotcom on a private plane and a yacht. Also, way too much of the video focuses on the reporter wanting to sing in one of Dotcom's songs. Really?

In the end, both of them are kind of different generations doing the same thing: a story on Kim Dotcom that focuses on "Gee, look at his massive house, and this crazy guy," rather than really presenting the key issues concerning copyright, surveillance, privacy, internet freedom -- and the policies behind all of the laws related to those things. That's too bad, as it's really a lost opportunity for both media properties. Vice at least lets Dotcom raise some of these issues, but pays almost no attention to them.

I can understand the "media" appeal of both stories. Dotcom and his persona are entertaining. But unfortunately, it seems like that too often is used to obscure the underlying issues which are incredibly important and serious.

Permalink | Comments | Email This Story
]]>two-sideshttps://www.techdirt.com/comment_rss.php?sid=20140106/16440725779Mon, 23 Dec 2013 16:20:00 PSTDOJ Releases Some Megaupload Evidence; Actually Shows Difficulty Of Running Cloud ServiceMike Masnickhttps://www.techdirt.com/articles/20131220/15343525657/doj-releases-some-megaupload-evidence-actually-shows-difficulty-running-cloud-service.shtml
https://www.techdirt.com/articles/20131220/15343525657/doj-releases-some-megaupload-evidence-actually-shows-difficulty-running-cloud-service.shtmlsharing Megaupload evidence with private companies, the DOJ has now unsealed details of some of the evidence it has against Megaupload. Looking through the details, it's not surprising that much of it simply repeats things that were in the Megaupload indictment. And, as we noted about the indictment, that seems to include taking a bunch of things out of context, and trying to paint them in the worst possible light, when put back into the context, much of what's discussed doesn't seem that bad at all.

For example, the DOJ discusses Skype chats and emails in which Megaupload employees discuss ways in which they might prevent some infringement from happening, and at other times say things like "I have the feeling that Kim tolerates a certain amount of copyright infringement." While the DOJ seems to think these are damning, it seems like the opposite. It seems clear from a statement like the one quoted that "enabling infringement" wasn't a focus of the operation. After all, if the company was so focused on profiting from infringement, wouldn't it be clearly known and wouldn't it be openly discussed as such? Saying that you think the boss "tolerates a certain amount of copyright infringement" suggests, without any direct evidence, that the company recognizes it needs to deal with the infringement effort, but that there are tradeoffs there. IF the company was really a "piracy conspiracy" as the DOJ and the MPAA like to claim, then you'd think the comments would be much more along the lines of direct quotes about figuring out ways to enable much more infringement. Instead, you get discussions of ways to possibly stop more infringement:

“Maybe we should automatically delete videos on Megavideo that are longer than 30 minutes and have more than XXX views or something because I still see so much piracy that is being embedded.”;

That doesn't sound like something coming from a company that is interested in building a business around infringement. It sounds like a cloud storage provider struggling with the best way to provide the best service possible, while thinking through ways to limit infringement.

As far as I can tell from these snippets, the DOJ seems to be arguing "well, they knew the service was used for infringement, thus they're guilty for not stopping it." But that's not (at all) how the law works. As was found in the Viacom/YouTube case, company officials need to be aware of specific cases of infringement (such as via a clear and complying takedown notice) rather than general knowledge that the platform is used (even widely) for infringement.

Once again, while you never know how a judge might read these statements out of context when presented in the worst possible light by a DOJ that's in-bed with the MPAA, the striking thing to me is that the evidence is so weak. Given just how much the MPAA made Kim Dotcom out to be pure evil, I honestly expected real evidence of an operation built around infringement. The DOJ's case is stunningly weak here. If I were working at the DOJ, honestly, I'd be hoping that the extradition attempt fails, because actually pursuing this case in court runs a very serious risk of a huge embarrassment for the government, bringing a highly questionable case on the weakest of evidence, presented entirely out of context.

Permalink | Comments | Email This Story
]]>chilling-effectshttps://www.techdirt.com/comment_rss.php?sid=20131220/15343525657Fri, 20 Dec 2013 05:16:14 PSTNZ Customs Refuses To Answer Questions After Revelations Of Illegal Orders To Give FBI Info On Kim Dotcom For 'Brownie Points'Mike Masnickhttps://www.techdirt.com/articles/20131220/00054025643/nz-customs-refuses-to-answer-questions-after-revelations-illegal-orders-to-give-fbi-info-kim-dotcom-brownie-points.shtml
https://www.techdirt.com/articles/20131220/00054025643/nz-customs-refuses-to-answer-questions-after-revelations-illegal-orders-to-give-fbi-info-kim-dotcom-brownie-points.shtmlillegal by the NZ High Court. Then there was the issue of the local equivalent of the NSA, the GCSB, illegally spying on Dotcom for the US, despite rules that forbid GCSB from spying on New Zealand residents. It seems to be getting even worse.

A few days ago, it was revealed that a document, which was illegally withheld from an earlier freedom of information request, showed that a senior New Zealand Customs official named Greg Davis, told staffers that it would "buy you many brownie points" if they shared info about Kim Dotcom with the US FBI -- despite not being allowed to share info like this.

At least one of the people who received the email noted that people should "seek legal advice" before handing over such information, but it's unclear if anyone actually did that.

Now, as concerned members of the New Zealand Parliament are wondering why top customs officials were interested in handing over private information on New Zealand residents to a foreign country's intelligence agencies for "brownie points," New Zealand's Customs officials have announced that they will not answer questions about it, in an effort to -- get this -- "protect the privacy" of the guy who sent that email, Greg Davis.

Davis, by the way, was running New Zealand Custom's "Integrated Targeting Operations Centre," which collects a ton of information on travelers. Many in New Zealand had already complained about the possibility of this group to abuse its powers, but at nearly the same time Davis was proving their point, New Zealand Prime Minister John Key was defending the center with that old liar's trope: "anyone who is innocent has nothing to fear." He should have added "unless US officials are interested in you -- then you're fucked."

Permalink | Comments | Email This Story
]]>the-scandal-expandshttps://www.techdirt.com/comment_rss.php?sid=20131220/00054025643Fri, 6 Dec 2013 19:39:00 PSTUS Court Secretly Lets Government Share Megaupload Evidence With Copyright IndustryMike Masnickhttps://www.techdirt.com/articles/20131206/02524925481/us-court-secretly-lets-government-share-megaupload-evidence-with-copyright-industry.shtml
https://www.techdirt.com/articles/20131206/02524925481/us-court-secretly-lets-government-share-megaupload-evidence-with-copyright-industry.shtmlex parte order allowing the government to share evidence from the case with various copyright holders and then to issue press releases about the case. As Megaupload's lawyers point out, the whole thing is a clear due process violation.

The defendants have been indicted, their assets have been frozen, their business has been destroyed, and their liberty has been restrained. Given these constraints, it is unclear what evils the Government fears defendants will inflict if provided notice of the Government’s submission, beyond having Defendants’ counsel come into court to make opposing arguments.

Basically, Megaupload's lawyers are asking to be a part of this process, since it appears that the government wanted (and the court allowed) to cut them out. As Megaupload's lawyers note, allowing the government to sort through and cherry-pick evidence to share, without any context or potential additional exonerating information, is a clear due process violation.

“The Government’s request also substantially prejudices the defendants in the case. Permitting the Government to widely disseminate a one-sided, cherry-picked set of facts threatens to improperly infect the jury pool before defendants are afforded any opportunity to present their side of the story.”

Apparently part of the issue for the original filing to reveal this information was that some copyright holders are getting antsy that as the case drags on, they won't also be able to file civil cases against Megaupload before the three-year statute of limitations expires. However, as Megaupload's lawyers point out, there is no urgency here since the government itself made no move to share this information over the past two years. If it really wanted to share the information it had ample time to make the request and allow Megaupload's lawyers to review and take part in the process, rather than trying to route around them entirely.

I'm guessing the recent successes against IsoHunt and Hotfile may have contributed to the timing as well. The MPAA pretty clearly thinks it can use those two cases to go after Megaupload as well, outside of the criminal case which will continue.